FACULTY ADVISORY 1 (Dec. 2006)
HIPAA COMPLIANCE PROCEDURES
As you are aware, the University of Chicago (U of C) and University of
Chicago Medical Center (UCMC) are required to comply with the privacy and
security provisions of the Health Insurance Portability and
Accountability Act (HIPAA) that went into effect on April 14, 2003 and
April 21, 2005, respectively. We continually review our uses and
disclosures of patient information as part of our compliance with
Federal law. Not only are UCMC and U of C subject to HIPAA
regulations, but you, as a practicing physician, are personally subject
to HIPAA. We have undertaken a number of projects that help you
to comply, but we need your assistance.
1. Databases
If you are creating a new database containing PHI, please contact the BSDIS Help
Desk at 773-702-2056 so that arrangements can be made to discuss
security requirements. The BSD Information Security team provides
information, resources, and assistance to the Division for computer
security.
2. Teaching, seminars, research, and other uses of PHI
Generally, if you wish to use patient
information for purposes other than treatment, payment, or healthcare
operations outside of the University of Chicago Medical Center,
specific written patient authorization is required. For instance,
you may wish to use a particularly interesting radiology image during a
national presentation.
- A specific Authorization form for educational use of a patient's
PHI for case studies, presentations, article(s), textbooks, internet
publications, or other publications is available here.
If you have any questions about how to complete an authorization,
please feel free to call Marilyn Hanzal, Associate General Counsel,
at 2-1057 or the HIPAA Privacy Office at 4-9716.
3. Requests for PHI
We will use a "trusted requestor" process. With this process, the
requestor will bear the
responsibility for requesting data for HIPAA compliant purposes.
This process does not apply to requests for PHI regarding a patient's
treatment and payment for that treatment.
- An overview of the trusted requestor process can be found here.
- The trusted requestor process instructions can be found here.
- The trusted request form can be found here.
If you have any questions, please call Kerry Congdon DeMott - Chief
Compliance and Privacy Officer - at 4-3150.