Health Insurance Portability and Accountability Act (HIPAA) Security Rule

The Texas Advanced Computing Center (TACC) implements measures to protect privacy consistent with the university mission and environment, applicable legal requirements and professional standards, generally accepted privacy norms and available resources. These measures apply to all personnel, regardless of affiliation, who create, access or store Protected Health Information ("PHI") at TACC designated for purposes of complying with the final provisions of the security and privacy rules regulated by the Health Insurance Portability and Accountability Act (HIPAA).

TACC complies with the University of Texas at Austin (UTA) Minimum Security Standard for Systems with HIPAA Data.

Safeguards Administrative/Physical

• TACC maintains administrative and physical safeguards for protected data information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of HIPAA.
• TACC reasonably safeguard protected health information to limit incidental uses or disclosures.
• TACC limits the protected health information access, used or disclosed to the minimum necessary to accomplish their goal.

Technical

• TACC periodically completes a Risk Analysis as required under the HIPAA Security Rule.
• TACC uses the risk analysis to determine a Risk Management plan.
• TACC implements written policies and procedures to ensure these safeguards are in place.

Training

• TACC trains each new member of TACC Staff within a reasonable period of time (based on their role) after the person joins the workforce, but no longer than 90 days from the initial employment date.
• TACC requires all TACC staff members to complete HIPAA Privacy and Security Training on an annual basis.
• TACC trains each member of TACC staff whose functions are affected by a material change in the policies or procedures, within a reasonable period of time after the material change becomes effective.

Limited Data Set

TACC only accepts data in the form of a limited data set when possible for the purposes of research.

Sanctions

TACC follows the University of Texas at Austin (UTA) disciplinary policies.

Related Information

• University of Texas Austin Minimum Security Standards for HIPAA Data.
• The Security Rule of the Health Insurance Portability and Accountability Act
• The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology Act (HITECH)
• Title 45 of the Code of Federal Regulations (CFR)