Centered on your privacy

Washington University health care providers respect the confidentiality of our patient’s health information by observing the highest standards of ethics and integrity.


What is HIPAA?

“HIPAA” stands for the Health Insurance Portability and Accountablity Act of 1996.  The HIPAA Privacy Rule, Security Rule, and Breach Notification Rule were implemented to protect the privacy of an individual’s health information and govern the way certain health care providers and health plans, also known as “covered entities” collect, maintain, use and disclosure protected health information.

Our Notice of Privacy Practices describes your rights under HIPAA and how Washington University may use and disclose your protected health information.  If you have not reviewed our Notice of Privacy Practices, please download a copy to read.

The Washington University HIPAA Privacy Office works with all members of our workforce including faculty, staff, and students to help them understand their responsibilities to protect the confidentiality of our patient’s health information.  We do this through policy and procedure, training, and auditing and monitoring.  In addition, the Washington University HIPAA Privacy Office responds to and investigates concerns related to compliance with the HIPAA regulations.

Privacy and security policies

Washington University, Washington University Physicians, our affiliated clinical practices, and our employee benefit plan have adopted policies and procedures for the use and disclosure of PHI.


All members of the Washington University workforce, including our students and volunteers, who interact with patients or who use and disclose PHI are required to complete HIPAA training.  Classroom and online refresher courses are also available.  HIPAA Hints are posted throughout the medical school campus to reinforce our policies and procedures.


The HIPAA Privacy Office is responsible for monitoring compliance with HIPAA.  In addition, each department has identified an individual to act as the Privacy Liaison for the department to assist with ongoing compliance with HIPAA.