Indiana University
Find People   |  IUSM IU
UITS
Advanced IT Core
Campus Maps

HOME HOME
ABOUT US ABOUT US
People News
Overview Overview
History History
Rates & Policies Rates & Policies
People People
HIPAA & AITC HIPAA & AITC
WHAT WE OFFER WHAT WE OFFER
Cyberinfrastructure Cyberinfrastructure
HIPAA Services HIPAA Aligned Services
ADVANTAGES ADVANTAGES
WAYS WE CAN HELP WAYS WE CAN HELP
PROJECTS PROJECTS
CONTACT US CONTACT US
On January 29, 2009, the UITS Advanced IT Core, Research Technologies, and Enterprise Infrastructure divisions reached a new milestone: many of our technology services became formally aligned1 with the federal Health Information Portability and Accountability Act (HIPAA). We are one of very few research computing organizations in the nation to achieve this feat. This means that our supercomputers, storage, visualization systems, and virtual machine environments can now better support medical research at the IU School of Medicine (IUSM) and beyond. We have for many years provided confidential, high integrity and availability information in support of research across IU campuses. We have now confirmed the alignment of our security management with security best practices (eg., NIST 800-53) as recommended by HIPAA.

You can now use our services to analyze, store, serve, or visualize electronic personal health information (ePHI) and other sensitive data (including clinical research data) with confidence, knowing that we have gone through a rigorous, and ongoing, risk management and security enhancement process, overseen by a committee representing the Office of Research Administration, IUSM faculty and administration, and the IUSM CIO. The Office of Research Administration has provided a formal memorandum of their confidence in our ability to protect data for research projects that involve electronic protected health Information (ePHI).

Your Responsibilities when Using our Services with ePHI

  1. You, as the data owner, are responsible for keeping your data and practices secure as required by HIPAA.
  2. You cannot use our services with clinical data that are part of current, active patient treatment. (Our systems are not "medical devices" regulated by the FDA and we are NOT compliant with FDA rules controlling medical devices.)

    To learn more about our HIPAA services for your research, or to see relevant documentation, please contact: Anurag Shankar (ashankar@iu.edu), (812) 325-8629.

1 The Advanced IT Core underwent exhaustive gap and risk analyses by an external third party and used the results to fill existing gaps and to develop a comprehensive, ongoing risk management plan as part of this process.
Indiana University
Indiana University  |  IUPUI  |  Disclaimer  |  Privacy Policy  |  Email Us
Copyright 2009, The Trustees of Indiana University | Copyright Complaints
Last Updated On: March 20, 2009
University Information Technology Services | 535 West Michigan Street | Indianapolis, IN 46202 | (317) 274-8157
Direct link to this page -- http://aitc.iu.edu/aitchipaa.shtml