
HIPAA Information

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 necessitated updating and standardizing our privacy and security practices to comply with the federal regulations. The HIPAA Privacy Rule came into effect in 2003 and the Security Rule came into effect in 2005. The Combined Rule came into effect in 2013 and implemented a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act to strengthen the privacy and security protections for health information established under HIPAA. 

The Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by "Covered Entities". While the Privacy Rule pertains to all PHI, whether paper or electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). The general Security Rule is defined by three types of security safeguards required for compliance: administrative, physical, and technical.

The University of Tennessee Health Science Center campuses and clinics comprise the health care component (Covered Entity) of the University of Tennessee under HIPAA. To comply with the Act, we have a Privacy Officer and a Security Officer who are responsible for our compliance efforts regarding the Privacy Rule and Security Rule, respectively.

Last Published: Mar 12, 2021