Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

About IU's research systems and services and HIPAA alignment

Many of the systems and services offered at Indiana University by UITS Research Technologies (RT) are designated HIPAA-aligned, because the underlying cyberinfrastructure follows standards-based data security practices, as required by the HIPAA Security Rule. IU research systems are described as "HIPAA-aligned" and not "HIPAA-compliant", because the latter term is an official designation applicable only to certified US federal agencies.

Note: At IU, any software (including operating systems) or services you deploy and administer using RT cyberinfrastructure are not automatically HIPAA-aligned. See What are my responsibilities when using the Advanced Biomedical IT Core's HIPAA-aligned services?

IU's HIPAA alignment is based on IT management processes compatible with security best practices standards, specifically National Institute of Standards and Technology (NIST) Special Publication 800-53, as recommended by US Department of Health and Human Services, which oversees HIPAA regulation.

IU's HIPAA-aligned RT services include:

Data Storage
Scholarly Data Archive (SDA)
Research File System (RFS)

Supercomputers
Big Red
Quarry

Research Databases
Research Database Complex (RDC)
Research Oracle/MySQL Database Service

Data Visualization
Advanced Visualization Lab

IU's original HIPAA alignment process involved an eighteen-month effort in 2007 and 2008, overseen by a committee representing the Office of Research Administration (Compliance), and IU School of Medicine (IUSM) faculty and administration, and the IUSM chief information officer (CIO). The process included:

  • Formal security gap and risk analyses by a qualified, external third party

  • Filling security gaps

  • Documentation of policies and procedures

  • Creation and implementation of an ongoing risk management plan, including semi-annual security reviews

The Office of Research Administration provided a formal memorandum expressing its confidence in IU's ability to protect data for research projects involving ePHI (electronic protected health information).

This is document ayzg in domain all.
Last modified on July 02, 2012.

I need help with a computing problem

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.



Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

I have a comment for the Knowledge Base

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.