Frequently Asked Questions

What if I am having trouble determining what ePHI is?

You should contact the University or Healthcare Privacy Officers by emailing or and ask for help

I have a new system or application that needs to be HIPAA Compliant, what next?

You should first contact the HIPAA Working Group Member designated to your organization which can be found by going to HIPAA Contacts or you can email and we will take care of you

How can I prevent myself from having to do HIPAA Risk Assessments?

There are two main ways:

  1. De-identify the data. This means that you have gone through procedures to remove all identifiers from the protected health information.
  2. Stop storing unnecessary ePHI on your workstation or server. Many times this information is really not needed. Why not try storing this data on a secure remote location.