Faculty, Staff & Students

Protecting our data, systems and patient health information

The Washington University Information Security Office and HIPAA Privacy Office work together to increase awareness of and maintain the highest standards of compliance with regulations related to the privacy and security of the confidential and protected health information (PHI) of our patients. Policies and procedures have been designed to help the WashU Community comply with the requirements and keep our data, systems and patient health information safe and secure.

Washington University’s Information Security Office is focused on understanding and minimizing the overall risk to the security, confidentiality and availability of WashU information systems and related data.  The HIPAA Privacy Office is responsible for ensuring University compliance with the Privacy Regulations.

Working in cooperation with faculty, staff and students, information security staff employ industry-accepted frameworks and practices to minimize potential harm, embarrassment, inconvenience or unfairness to any individual on whom information is maintained, including its employees, partners, patients and visitors.

Additionally, the Information Security Office protects, secures and maintains regulatory compliance of Washington University’s information assets.

Services provided by the Information Security Office and HIPAA Privacy Office include:

  • Privacy and Security risk assessments for schools, departments and business units of the university
  • Education and awareness programs for faculty, staff and students to help protect information resources on the WashU network and protected health information
  • Investigation and remediation of compliance concerns, including breach notification
  • Control inventories to determine and ensure regulatory compliance with mandates, including:
    • HIPAA / patient privacy
    • PII – State data breach laws
    • PCI – Credit Card information
    • FISMA – Federal Government program data
    • FDA Part 11 – security controls
    • Chemical Facility Anti-Terrorism Standards