1.3 Personally Identifiable Medical Information
Personally identifiable Medical Information at Harvard is subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) when used or kept by units of Harvard that are considered "covered entities" under HIPAA. Personally identifiable medical information used or kept elsewhere at Harvard is still highly sensitive and confidential, and must be protected in compliance with the policies for protecting High-Risk Confidential Information.
Covered entities at Harvard include Harvard University Health Services, the Dental Clinic at the Harvard School of Dental Medicine and the Benefits Services Group in the Office of Human Resources.
HIPAA requires that each covered entity meet a number of requirements specified in the HIPAA regulations. See More information about HIPAA for additional information.
Medical records are sometimes kept by other groups at Harvard, for example, in conjunction with employee leave requests, student disciplinary records and handicapped assistance requests. Such records must be treated and protected as high-risk confidential information. (See the Requirements for Storing High Risk Confidential Information at Section 1.1)