1.3 Personally Identifiable Medical Information

Harvard Enterprise Security Policy:

Policy Excerpt

Personally identifiable Medical Information at Harvard is subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) when used or kept by units of Harvard that are considered "covered entities" under HIPAA. Personally identifiable medical information used or kept elsewhere at Harvard is still highly sensitive and confidential, and must be protected in compliance with the policies for protecting High-Risk Confidential Information.

HLS Policy:

The HLS policy is not to have personally identifiable medical information unless it is absolutely necessary and cannot be stored in a central Harvard system.

Approved Solution:

It is understood that from time to time medical records are kept by groups such as HR, the Registrar's Office, the Dean of Students Office or the Office of Academic Affairs. Such records must be treated and protected as high-risk confidential information. The CIO of the Law School must be notified of the existence of this data or physical copies in order to provide guidance on HIPAA compliance.

Last modified: November 06, 2008

© 2014 The President and Fellows of Harvard College. All rights reserved.