About IU's research systems and services and HIPAA compliance
Many of the systems and services offered by UITS Research Technologies (RT) are HIPAA-aligned. (The term "HIPAA-aligned" is used rather than "HIPAA-compliant", since only federal agencies can be formally certified as compliant.) HIPAA-aligned RT services include:
- Data Storage
  - Scholarly Data Archive (SDA)
  - Research File System (RFS)
- Supercomputers
  - Big Red
  - Quarry
- Research Databases
  - Research Database Complex (RDC)
  - Research Oracle/MySQL Database Service
- Data Visualization
  - Advanced Visualization Lab
IU's HIPAA alignment process involved an eighteen-month effort in 2007 and 2008, in which IT security management was made compatible with security best-practice standards (specifically NIST 800-53) as recommended by the US Department of Health and Human Services, which oversees the HIPAA regulation.
The HIPAA alignment process included:
- Formal security gap and risk analyses by a qualified, external third party
- Filling of security gaps
- Massive documentation of policies and procedures
- Creation and implementation of an ongoing risk management plan
- Semi-annual security reviews
The entire process was overseen by a committee representing the Office of Research Administration (Compliance), IUSM faculty and administration, and the IUSM CIO. The Office of Research Administration has provided a formal memorandum of their confidence in IU's ability to protect data for research projects that involve ePHI (electronic protected health information).
Last modified on January 10, 2011.







