HIPAA Privacy and Security
Rutgers is committed to protecting "protected health information" in accordance with all applicable New Jersey and federal laws. Rutgers policies governing the privacy of protected health information can be found in Section 100 of the Rutgers Policy Library under "Clinical, Compliance, Ethics & Corporate Integrity".
HIPAA Privacy and Security FAQs
Disclaimer Notice: These materials are presented here for informational purposes only and do not constitute legal advice on a particular matter. Legal advice must be tailored to the specific facts and circumstances relating to an issue. For legal advice on a particular Rutgers University matter within your official responsibilities, please consult with a member of the Office of General Counsel (OGC).
-
"Protected Health Information" means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual.
Protected Health Information excludes individually identifiable health information in: (a) Education records covered by the Family Educational Rights and Privacy Act and (b) Employment records held by a covered entity in its role as employer.
-
- Names
- Street address, city, county, precinct, zip code, and equivalent geocodes
- All elements of dates (except year) for dates directly related to the individual, including birth date, admission date, discharge date, date of death, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of 90 or older
- Birth date
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security number
- Medical record number
- Health plan beneficiary number
- Account numbers
- Certificate/license number
- Any vehicle identifiers and serial numbers, including license plate numbers
- Web Universal Resource Locator (URL)
- Internet Protocol (IP) address number
- Finger or voice prints; biometric identifiers
- Full face photographic images; and any comparable images
Any other unique identifying number, characteristic, or code that a Rutgers provider has reason to believe may be identifiable to an anticipated recipient of the information.
-
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes rules and regulations regarding access and disclosure to protected health information. Under HIPAA, protected health information, or PHI, is individually identifiable health information. New Jersey law also protects patient information from disclosure and includes heightened protections for the disclosure of certain types of particularly sensitive medical information (i.e., mental health and substance abuse records). Another federal law commonly known as "Part 2" protects substance abuse records in some instances (depending on where and from whom services are delivered).
Rutgers patients all receive a Notice of Privacy Practices which outlines how our providers use and disclose PHI. The Rutgers Notice of Privacy Practices describes the rights of patients cared for by Rutgers providers.
-
HIPAA provides the following patient rights:
- To request that we communicate with the patient confidentially
- To see or receive a copy of health information
- For some disclosures, to receive a list of with whom Rutgers shared information
- To request an amendment change to the medical record
- To receive a copy of Rutgers’ Notice of Privacy Practices
- To make a complaint. Complaints may be made by:
- Contacting the Rutgers Privacy Officer at 973-972-8093
- Contacting the 24/7 anonymous compliance hotline
- Making a complaint with the Secretary of the Department of Health and Human Services
- For certain purposes, such as marketing, the right to provide permission before PHI may be used or shared
-
Under HIPAA regulations, if PHI is disclosed or accessed in an inappropriate manner, typically an investigation will take place to determine if a breach has occurred. A breach will result in notification to the affected individual(s).
The Rutgers Compliance Office is responsible for receiving complaints alleging violation(s) of HIPAA’s Privacy and Security Rules, and for investigating and resolving these allegations. You can reach the Compliance Office at:
Privacy Officer University Ethics and Compliance
Rutgers, The State University of New Jersey
Stanley S. Bergen, Jr.
Building 65 Bergen Street Suite 1346
Newark, New Jersey 07107
973-972-8093The role of the Rutgers Privacy Program is more fully described in the Rutgers policy governing Standards for Privacy of Individually Identifiable Health Information.
The University Ethics and Compliance Office works closely with the Office of the Senior Vice President and General Counsel in determining if a breach has occurred.
Need Help?
Rutgers takes the privacy of its patients seriously. Please contact the University Ethics and Compliance Office or submit an anonymous report through the Rutgers Compliance Hotline.
Alternatively, you can speak with a Rutgers lawyer with any questions by contacting the Office of the Senior Vice President and General Counsel.