Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

About IU's research cyberinfrastructure and HIPAA alignment

At Indiana University, many of the systems and services provided by the Research Technologies division of UITS are managed using standards-based data security practices that make it possible (with proper precautions) for researchers to handle and store electronic protected health information (ePHI) and other sensitive data regulated by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. These systems and services are designated "HIPAA-aligned" and not "HIPAA-compliant", because the latter term is an official designation applicable only to certified US federal agencies.

IU's HIPAA alignment is based on IT management processes compatible with security best practices standards, specifically National Institute of Standards and Technology (NIST) Special Publication 800-53, as recommended by US Department of Health and Human Services, which oversees HIPAA regulation. IU's HIPAA alignment process involved an eighteen-month effort in 2007 and 2008, overseen by a committee representing the IU Office of Research Administration (Compliance) and the IU School of Medicine (IUSM). The Office of Research Administration provided a formal memorandum expressing its confidence in IU's ability to protect data for research projects involving ePHI.

Important: Although UITS HIPAA-aligned resources are managed using standards meeting or exceeding those established for managing institutional data at IU, and are approved by the IU Office of the Vice President and General Counsel (OVPGC) for storing research-related ePHI, they are not recognized by the IU Committee of Data Stewards as appropriate for storing other types of institutional data classified as "Critical" that are not ePHI research data. To determine which services are appropriate for storing sensitive institutional data, including ePHI research data, see Comparing supported data classifications, features, costs, and other specifications of file storage solutions and services with storage components available at IU.

The UITS Advanced Biomedical IT Core (ABITC) provides consulting and online help for Indiana University researchers who need help securely processing, storing, and sharing ePHI research data. If you need help or have questions about managing HIPAA-regulated data at IU, contact the ABITC. For additional details about HIPAA compliance at IU, see HIPAA & ABITC and the Office of Vice President and General Counsel (OVPGC) HIPAA Privacy & Security page.

For more, see:

This is document ayzg in domain all.
Last modified on April 09, 2014.

I need help with a computing problem

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.



Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

I have a comment for the Knowledge Base

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.