Skip to main content

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

SOM and UNC Health Care System Policy:

It is the policy of the UNC School of Medicine and the UNC Health Care System to provide training on HIPAA Privacy/Security regulations to all employees, volunteers, and students employed by either entity with thirty days of initial employment. Further, the UNC School of Medicine requires all employees to update HIPAA training on an annual basis.

In addition, the University’s Department of Environment, Health, and Safety (EHS) has job specific annual training and immunization requirements. It is essential that SPA and EPA Non-Faculty employees complete such requirements as necessary. A matrix of EHS requirements for specific work environments can be accessed here; http://ehs.unc.edu/training/requirements.shtml.

SOM Policy:

  • The “Compliance, Communication, and Teamwork” principle function serves as a reminder of compliance requirements, communications, and teamwork. In an effort to assist management in ensuring these requirements are met, the following principle function(s) shall be included in the work plans for all employees.