WVU Institutional Information Security and HIPAA Policies | Office of Human Research Protections

Information Privacy and Protection Policies

WVU HIPAA Hybrid Entity Designation 7/1/19
WVU HIPAA Safeguards
WVU Information Privacy Policy
WVU Sensitive Data Policy
WVU Sensitive Data Protection Standard
WVU FERPA Policy
WVU Social Security Number Protection Policy

HIPAA & Protected Health Information (PHI)

Review the WVU Health Care Components and Business Associates in the WVU HIPAA Hybrid Entity Designation Exhibit A to determine if your department meets the definition of a Covered Entity or if your department performs Covered Functions. Departments on the list must fully comply with federal HIPAA privacy and security rules and applicable institutional HIPAA policies. Departments not on the list must comply with applicable institutional information security and privacy policies according to the type of data used for the research project.

The HIPAA Privacy Rule Definitions and Requirements

Personally Identifiable Information (PII)

Research projects using student data, should review the WVU FERPA policy to determine applicability.

Research projects using PII should review the WVU Information Privacy Policy, the Sensitive Data Policy and the Sensitive Data Protection Standard to determine applicability.