Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act is a set of standards and requirements which ensure the protection of individuals' personal health information and grant them rights over said health information. There are six main rights granted: the right to know how the data will be used, the right to obtain a copy of your health data, the right to correct errors in your records, the right to know who has received your data, the right to restriction of your data, and the right to file a complaint for a privacy violation.

The University of Alaska is committed to ensuring appropriate security of all individually identifiable health information and providing quality health care which includes respecting patients' and research participants' rights to maintain the privacy of their health information. 

The University is considered a "hybrid entity" under HIPAA, which means that some parts of the University are subject to HIPAA and others are not.  The University's health plans, its health care provider services, and those that may access PHI to support the plans or health care provider services are subject to HIPAA.  The areas that make us the University's hybrid entity are sometimes referred to as the University's "health care components."  Areas outside of the University's health care components may also be subject to HIPAA if they act as a "business associate" of an organization that is subject to HIPAA.