{"id":6,"date":"2026-03-25T08:12:46","date_gmt":"2026-03-25T08:12:46","guid":{"rendered":"https:\/\/vendor.hub.wp.nau.edu\/hipaa\/hipaa-privacy-program\/"},"modified":"2026-03-27T15:28:06","modified_gmt":"2026-03-27T15:28:06","slug":"hipaa-privacy-program","status":"publish","type":"page","link":"https:\/\/in.nau.edu\/hipaa\/","title":{"rendered":"Northern Arizona University HIPAA Privacy Program"},"content":{"rendered":"

\n

\n
<\/p>\n

\n

\n
\n

Contact the HIPAA Privacy Program<\/h3>\n <\/div>\n
\n \n
\n <\/i>\n Email:<\/span>\n <\/div>\n
hipaa​@nau.edu<\/div>\n <\/a>\n \n
\n <\/i>\n Call:<\/span>\n <\/div>\n
928-523-7906<\/div>\n <\/a>\n <\/div>\n<\/div>\n\n<\/span><\/p>\n

<\/div>\n<\/div>\n<\/span><\/p>\n

Health Insurance Portability and Accountability Act (HIPAA)<\/h1>\n

What Is HIPAA?<\/strong><\/h2>\n

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)<\/strong> is a federal law that establishes national standards for protecting sensitive health information. The U.S. Department of Health and Human Services (HHS) created the HIPAA Privacy Rule to set these standards, ensuring that individuals\u2019 Protected Health Information (PHI) is used and disclosed appropriately while still allowing necessary information flow for high\u2011quality care and public health purposes.<\/p>\n

HIPAA applies to “Covered Entities” and their “Business Associates” and governs how PHI may be used, how it must be safeguarded, and what rights individuals have regarding their own health information.<\/p>\n

\"\"
Photos from Phoenix Biomedical Campus<\/figcaption><\/figure>\n\n
\n \n
\n

Protects Individuals\u2019 Health Information Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n

HIPAA’s Privacy Rule exists to make sure health information is properly protected while allowing the information needed for care, operations, and public health. A formal privacy program helps an institution consistently enforce these protections.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n

\n \n
\n

Supports Responsible Information Sharing Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n

HIPAA is designed to protect PHI and still enable appropriate information flow—such as for treatment, billing, and operations—while preventing unauthorized access or disclosure. A privacy program helps maintain this balance.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n

\n \n
\n

Strengthens Institutional Compliance\u00a0 Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n

HIPAA includes administrative requirements, such as workforce training and safeguards for handling PHI. An effective HIPAA privacy program ensures that staff are trained, processes are documented, and risks are managed.<\/p>\n

 <\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n

\n \n
\n

Promotes Trust Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n

By preventing improper disclosures and guiding proper practices, a strong HIPAA Privacy Program helps foster trust among students, patients, employees, and the community.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n

Hybrid Entity Status<\/h2>\n

NAU designates itself a \u201cHybrid Entity\u201d under the Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d). A hybrid entity is an organization that performs both HIPAA covered and non-covered functions, and only the specific components within NAU are subject to the HIPAA compliance.<\/p>\n

In accordance with the HIPAA regulations, NAU has identified its HIPAA covered functions as Health Care Components (HCCs), responsible for ensuring the privacy and security of PHI. NAU\u2019s designated HCCs meet the definition of \u201cCovered Entities\u201d subject to HIPAA requirements. NAU’s HCC s must safeguard the privacy and confidentiality of PHI in accordance with HIPAA.<\/p>\n

\n

\n
\n
\n \nOur Commitment\n<\/span>\n <\/div>\n<\/div>\n<\/strong><\/h3>\n

NAU is committed to maintaining the privacy and security of all PHI entrusted to us. We support our campus partners by providing guidance and oversight rooted in lawful standards, ethical practice, and continuous compliance improvement.<\/p>\n

NAU has obligations to abide by certain laws and regulations that govern the privacy and the security of health records subject to the HIPAA. While HIPAA primarily focuses on healthcare providers and health plans, its relevance in higher education extends to situations where institutions like NAU provide healthcare services and operate employee health plans.<\/p>\n

NAU is also subject to the Family Educational Rights and Privacy Act (“FERPA”), which protects the privacy of a student\u2019s education records, including health records. Therefore student health information maintained at NAU generally falls under the FERPA, not HIPAA.<\/p>\n<\/div>\n

Reporting<\/h4>\n

NAU recognizes that the protection of PHI as not only a legal requirement but an ethical duty to the patient\u2019s served at our health care components. As such, all Workforce Members are expected and encouraged to report any behavior(s), incident(s), or concern(s) that may compromise the privacy and\/or security of PHI. This includes, but is not limited to, suspected privacy breaches, unauthorized access, improper disclosures, or privacy and security vulnerabilities.<\/p>\n

Workforce Members are provided with access to PHI, if it is essential to do their jobs, for which they are expected to safeguard the information and act with prudence to prevent, to the extent possible, unauthorized disclosures.<\/p>\n","protected":false},"excerpt":{"rendered":"

Health Insurance Portability and Accountability Act (HIPAA) What Is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes national standards for protecting sensitive health information. The U.S. Department of Health and Human Services (HHS) created the HIPAA Privacy Rule to set these standards, ensuring that individuals\u2019 Protected […]<\/p>\n","protected":false},"author":1,"featured_media":314,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"my-templates\/home-page.php","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","ring_central_script_selection":"","footnotes":""},"class_list":["post-6","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/pages\/6","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/comments?post=6"}],"version-history":[{"count":42,"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/pages\/6\/revisions"}],"predecessor-version":[{"id":381,"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/pages\/6\/revisions\/381"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/media\/314"}],"wp:attachment":[{"href":"https:\/\/in.nau.edu\/hipaa\/wp-json\/wp\/v2\/media?parent=6"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}