Skip to main content

WVU Institutional Information Security and HIPAA Policies


Information Privacy and Protection Policies

WVU

WVU HSC

WVU HSC Information Technology Services provides additional institutional information security and privacy policies for the departments and colleges that are considered a part of the WVU Health Sciences Center.

HIPAA & Protected Health Information (PHI)

Review the WVU Health Care Components and Business Associates list (PDF) to determine if your department meets the definition of a Covered Entity or if your department performs Covered Functions. Departments on the list must fully comply with federal HIPAA privacy and security rules and applicable institutional HIPAA policies. Departments not on the list must comply with applicable institutional information security and privacy policies according to the type of data used for the research project. 

The HIPAA Privacy Rule Definitions and Requirements

Personally Identifiable Information (PII) 

Research projects using student data, should review the WVU FERPA policy to determine applicability. 

Research projects using PII should review the WVU Information Privacy Policy, the Sensitive Data Policy and the Sensitive Data Protection Standard to determine applicability.