The Health Insurance Portability and Accountability Act (HIPAA), signed into law on August 21, 1996, includes complex regulations especially regarding the privacy and security of health information. NYU's Board of Trustees designated the University as a "hybrid entity" under HIPAA with three health care delivery units (covered components): the School of Medicine, College of Dentistry, and University Health Center (since renamed the Student Health Center). NYU's 12 non-health care delivery units consist of other designated University administrative units to the extent that each performs activities that may involve access to individually identifiable health information in supporting the three covered components. In order to comply with the standards and implementation specifications that comprise the administrative, physical, and technical safeguards and the organizational, procedural, and documentation requirements of the HIPAA Security Regulations, NYU has developed a set of 19 policies and accompanying definitions. The NYU School of Medicine follows HIPAA-related policies and procedures created specifically for its environment; School of Medicine compliance with HIPAA is coordinated through Langone Medical Center.

In addition, NYU has developed the IT Security Information Breach Notification Policy and Plan to comply with the HIPAA Security Regulations and with Title XIII, the Health Information Technology for Economic and Clinical Health (HITECH) Act, of the American Recovery and Reinvestment Act (ARRA) of 2009, as amended or superseded from time to time.

If you are downloading one or more policies, please also download "Policy 1. Overview: Policies, Procedures, and Documentation" (which includes information applicable to all the policies) and the definitions (which clarify the meanings of various terms in the policies). Click the links below to download a PDF version of each policy and the accompanying definitions file (Adobe Acrobat Reader required).

See also the Policy Against Information Blocking of Electronic Health information. This policy is related to NYU's HIPAA Policies and supports provision of informed care for patients by removing obstacles they encounter when trying to access, exchange, or use their own electronic health information (EHI).

  1. Dates of official enactment and amendments: Not Available
  2. History: Reviewed: Mar 21, 2024; Feb 23, 2024. Revised: Mar 21, 2024 (updated policy title only); Apr 10, 2020.
  3. Cross References: N/A