Information Privacy and Protection Policies
WVU
- WVU HIPAA Hybrid Entity Designation 7/1/19
- WVU HIPAA Health Care Components and Business Associates (PDF)
- WVU HIPAA Safeguards
- WVU Information Privacy Policy
- WVU Sensitive Data Policy
- WVU Sensitive Data Protection Standard
- WVU FERPA Policy
- WVU Social Security Number Protection Policy
WVU HSC
WVU HSC Information Technology Services provides additional institutional information security and privacy policies for the departments and colleges that are considered a part of the WVU Health Sciences Center.
- WVU HSC Standards, Policies, Procedures and Interim HIPAA Policy 3/19/18
- WVU HSC HIPAA Policy and Procedure 10/8/2019
HIPAA & Protected Health Information (PHI)
Review the WVU Health Care Components and Business Associates list (PDF) to determine if your department meets the definition of a Covered Entity or if your department performs Covered Functions. Departments on the list must fully comply with federal HIPAA privacy and security rules and applicable institutional HIPAA policies. Departments not on the list must comply with applicable institutional information security and privacy policies according to the type of data used for the research project.
The HIPAA Privacy Rule Definitions and Requirements
Personally Identifiable Information (PII)
Research projects using student data, should review the WVU FERPA policy to determine applicability.
Research projects using PII should review the WVU Information Privacy Policy, the Sensitive Data Policy and the Sensitive Data Protection Standard to determine applicability.