About IU's research systems and services and HIPAA alignment
Many of the systems and services offered at Indiana University by UITS Research Technologies (RT) are designated HIPAA-aligned, because the underlying cyberinfrastructure follows standards-based data security practices, as required by the HIPAA Security Rule. IU research systems are described as "HIPAA-aligned" and not "HIPAA-compliant", because the latter term is an official designation applicable only to certified US federal agencies.
Note: At IU, any software (including operating systems) or services you deploy and administer using RT cyberinfrastructure are not automatically HIPAA-aligned. See "What are my responsibilities when using the Advanced Biomedical IT Core's HIPAA-aligned services?"
IU's HIPAA alignment is based on IT management processes compatible with security best-practice standards, specifically National Institute of Standards and Technology (NIST) Special Publication 800-53, as recommended by the US Department of Health and Human Services, which oversees HIPAA regulation.
IU's HIPAA-aligned RT services include:
- Data Storage
  - Scholarly Data Archive (SDA)
  - Research File System (RFS)
- Supercomputers
  - Big Red
  - Quarry
- Research Databases
  - Research Database Complex (RDC)
  - Research Oracle/MySQL Database Service
- Data Visualization
  - Advanced Visualization Lab
IU's original HIPAA alignment process involved an eighteen-month effort in 2007 and 2008, overseen by a committee representing the Office of Research Administration (Compliance), IU School of Medicine (IUSM) faculty and administration, and the IUSM chief information officer (CIO). The process included:
- Formal security gap and risk analyses by a qualified, external third party
- Filling security gaps
- Documentation of policies and procedures
- Creation and implementation of an ongoing risk management plan, including semi-annual security reviews
The Office of Research Administration provided a formal memorandum expressing its confidence in IU's ability to protect data for research projects involving ePHI (electronic protected health information).
Last modified on July 02, 2012.







