To report an incident, complete the HIPAA Incident Reporting Form or contact the HIPAA Privacy Officer.
Privacy Office
Ohio University is dedicated to protecting the privacy of personal information to foster trust and support excellence in teaching, research, outreach and an innovative workplace. The Privacy Office plays a crucial role in guiding responsible data practices, empowering students, faculty and staff to pursue bold goals in alignment with the OHIO Mission, Vision, Values and Dynamic Strategy.
Our privacy practices are guided by these principles:
- Respect and Dignity
- Transparency
- Purpose Specification and Use Limitation
- Data Minimization and Anonymization
- Data Quality
- Disclosure Limitation
- Security
- Retention Limitation
- Accountability
These privacy principles reinforce Ohio University’s culture of trust and integrity, providing a foundation for innovation and collaboration across our community. Explore our Privacy Protection Policy, Website Privacy Statement and other privacy standards on this site.
For questions or to discuss privacy, contact privacy@ohio.edu.
Incident Reporting
In the event you feel there has been an incident involving the unauthorized use or disclosure of Protected Health Information, there are two options for reporting the incident:
- 1) Complete Incident Form or Contact HIPAA Privacy Officer
- 2) Contact Alternate Support Offices
If you cannot reach the HIPAA Privacy Officer, you may also contact the Information Security Office or the Office of Legal Affairs. You will be expected to provide a description of events so that the suspected incident can then be appropriately investigated.
HIPAA
Per University Policy 03.001, Ohio University strives to protect the confidentiality, integrity, and availability of protected health information (PHI) by taking reasonable and appropriate steps to address the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
What is HIPAA?
HIPAA regulates covered entities — health plans, health care clearinghouses and health care providers who transmit any health information in electronic form in connection with a covered transaction.
HIPAA also requires that each covered entity maintains reasonable and appropriate administrative, technical and physical safeguards for privacy and security. Entities or individuals who contract to perform services for a covered entity with access to PHI (referred to as "business associates") must also comply with HIPAA privacy and security standards.
For information on HIPAA Security at Ohio University, visit the Office of Information Security website.
HIPAA Privacy Officer Responsibilities and Duties
Responsibilities
The responsibilities of the University HIPAA Privacy Officer are to:
- Oversee all HIPAA-related compliance activities, including the development, implementation and maintenance of appropriate privacy and security related policies and procedures;
- Conduct various risk analyses, as needed or required;
- Manage breach notification investigations, determinations, and responses, including breach notifications;
- Develop or obtain appropriate privacy and security training for all workforce members, as appropriate; and
- Appoint a Privacy Officer designee for each covered department/unit as appropriate.
Duties
Other potential duties of the HIPAA Privacy Officer include:
- Ensuring compliance with privacy practices
- Maintaining an accurate inventory of individuals accessing confidential information
- Administering patient requests under HIPAA’s Patient Rights
- Facilitating the privacy complaint process
- Cooperating with entities performing investigations
- Collaborate with technical personnel to protect confidential information
- Develop policies and procedures mandated by HIPAA
- Develop additional relevant policies governing confidential data
- Draft and disseminate the Notice of Privacy Practices
- Develop consent and authorization forms
- Contract review to ensure HIPAA compliance by third parties
- Ensure university initiatives are structured to ensure patient privacy
- Conduct periodic privacy audits
- Remain up-to-date on laws, rules and regulations regarding data privacy
- Anticipate patient or consumer concerns about OHIO’s use of confidential information and develop processes and procedures around responses to such concerns
- Evaluate privacy implications of online, web-based applications
- Monitor data collected by or posted on OHIO’s website(s) for privacy concerns
- Serve as a liaison to groups and agencies on all matters relating to OHIO’s privacy practices.
HIPAA Standards
To meet HIPAA compliance, Ohio University maintains multiple HIPAA Privacy Standards & Procedures specific to the University as well as general HIPAA standards. To learn more and review specific standards and procedures, visit the HIPAA Standards webpage.
Privacy Resources and Training Requests
Ohio University offers various resources and training to ensure faculty, staff and students have the tools they need to comply with HIPAA Privacy Standards and Procedures.