ITS HIPAA Policies

  • ITS staff must comply with these policies.
    This compliance is key to aligning selected current and future ITS services with the administrative, physical and technical safeguards required by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance generally focuses on risk analysis; the use of reasonable security controls; well-documented policies, procedures, and practices; and staff education and awareness.
  • U-M units may use them as templates.
    U-M units are welcome to use and adapt these policies and standards as templates for unit-specific training and awareness related to HIPAA compliance.

Code of Conduct

The code of conduct spells out specific staff responsibilities and behaviors when working in an environment where Protected Health Information (PHI) is maintained. As part of ITS HIPAA compliance procedures, all ITS staff members are required to read the code and sign an acknowledgement that they will abide by it. ITS HR maintains a signed copy of the code of conduct in each staff member's personnel file.

Data Management Policies

Data management policies generally describe the administrative and behavioral requirements necessary for HIPAA compliance.

Data Security Policies

Data security policies generally describe the technical requirements necessary for HIPAA compliance.

Technical Requirements & Standards Supplement

For ITS Staff Only

These resources are for ITS staff only. They are stored on the ITS intranet (Backstage), which is accessible only by ITS staff. Login with uniqname and UMICH password is required.