HIPAA Security Rule Overview
The HIPAA Security Rule, which went into effect as of April 21, 2005, requires covered entities like USC to have in place administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of all identifiable health information maintained in electronic form.
This includes any information relating to: (1) an individual’s past, present or future physical or mental health or condition; (2) the provision of health care to an individual; or (3) payment for the provision of health care to an individual.
Policies and Procedures
USC has a variety of policies and procedures that require university employees to protect electronic information, including protected health information maintained in electronic form.
USC Information Security Policy
USC Network Infrastructure Use policy
ePHI Minimum Security Standards Policy
HIPAA Self Assessment
Request for Access to USC Health Information
USC Business Associate Agreement
External Resources
These links provide additional resources to assist in meeting the HIPAA security regulation requirements: