Skip to Main Content
Personally identifiable Medical Information at Harvard is subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) when used or kept by units of Harvard that are considered "covered entities" under HIPAA. Personally identifiable medical information used or kept elsewhere at Harvard is still highly sensitive and confidential, and must be protected in compliance with the policies for protecting High-Risk Confidential Information.
The HLS policy is not to have personally identifiable medical information unless it is absolutely necessary and can not be stored in a central Harvard system.
It is understood that from time to time medical are kept by groups such as HR, Registrars Office, Dean of Students Office or Office of Academic Affairs. Such records must be treated and protected as high-risk confidential information. The CIO of the Law School must be notified of the existence of this data or physical copies in order to provide guidance on HIPPA compliance.
Back to Top