About IU's research cyberinfrastructure and HIPAA alignment
At Indiana University, many of the systems and services provided by the Research Technologies division of UITS are managed using standards-based data security practices that make it possible (with proper precautions) for researchers to handle and store electronic protected health information (ePHI) and other sensitive data regulated by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. These systems and services are designated "HIPAA-aligned" and not "HIPAA-compliant", because the latter term is an official designation applicable only to certified US federal agencies.
IU's HIPAA alignment is based on IT management processes compatible with security best practices standards, specifically National Institute of Standards and Technology (NIST) Special Publication 800-53, as recommended by US Department of Health and Human Services, which oversees HIPAA regulation. IU's HIPAA alignment process involved an eighteen-month effort in 2007 and 2008, overseen by a committee representing the IU Office of Research Administration (Compliance) and the IU School of Medicine (IUSM). The Office of Research Administration provided a formal memorandum expressing its confidence in IU's ability to protect data for research projects involving ePHI.
Last modified on November 12, 2013.