As part of the University of Minnesota’s commitment to providing quality health care, respecting patients' and research participants' rights to maintain the privacy of their health information is not only important, but required by law. The regulations governing the requirements for patient health information are described in the federal law known as the Health Insurance Portability and Accountability Act (HIPAA).
The University is considered a "hybrid entity" under HIPAA, which means that some parts of the University are subject to HIPAA and others are not. The University's health plans, its health care provider services, and those who may access protected health information to support the plans or health care provider services are subject to HIPAA.
The Health Information Privacy & Compliance Office (HIPCO) is here to help you navigate through the HIPAA policies and procedures. Through oversight, training and support, HIPCO promotes the confidentiality and integrity of health information.
The HIPCO team also continually works to improve the framework that supports HIPAA compliance in the University's unique environment by:
- developing standard processes and form agreements that you can use to support HIPAA compliance
- working with other University units to identify HIPAA compliant tools that you can use to perform your work
- providing training and education to units to increase awareness about HIPAA and the importance of HIPAA compliance
- reviewing activities of units on a periodic basis to identify any issues
- conducting investigations and mitigating risks after discovery of a breach
When should I contact HIPCO?
You should contact HIPCO when you:
- would like more training for your unit on HIPAA issues
- have questions about getting authorization to use individual health information or the right way to handle that information
- believe there has been a violation of HIPAA
- have questions about HIPAA generally
While the HIPCO team can generally help find the right resources to address your questions, they may direct you to other units as appropriate, such as when you have questions about specific tools and technologies.
New HIPCO leadership
After more than seven years as HIPCO’s chief health information compliance officer and director, Lori Ketola retired from the University in January 2021.
“I have been fortunate to have a strong team to support me at HIPCO, including compliance officers Amanda Clark and Zane Wagner, our part-time business analyst and project manager Beth Rosby, and our current part-time law clerk and full-time law student Allegra Lukac,” said Ketola. “What I really enjoyed about working in HIPCO was learning about all the unique and interesting ways the University is helping other people, and helping to build a program that is tailored to that unique environment and also supports HIPAA compliance.”
The search is currently underway for the new HIPCO leader.