Skip to page content



As you are aware, the University of Chicago (U of C) and University of Chicago Medical Center (UCMC) are required to comply with the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA) that went into effect on April 14, 2003 and April 21, 2005, respectively.  We continually review our uses and disclosures of patient information as part of our compliance with Federal law.  Not only are UCMC and U of C subject to HIPAA regulations, but you, as a practicing physician, are personally subject to HIPAA.  We have undertaken a number of projects that help you to comply, but we need your assistance.

1. Databases  If you are creating a new database containing PHI, please contact the CBIS Help Desk at 2-3456 so that arrangements can be made to discuss security requirements.  CBIS provides information, resources, and assistance to the Division for computer security.

2. Teaching, seminars, research, and other uses of PHI  Generally, if you wish to use patient information for purposes other than treatment, payment, or healthcare operations outside of the University of Chicago Medical Center, specific written patient authorization is required.  For instance, you may wish to use a particular interesting radiology image during a national presentation.
If you have any questions about how to complete an authorization, please feel free to call Marilyn Hanzal, Associate General Counsel, at 2-1057 or the HIPAA Privacy Office at 4-9716.

3. Requests for PHI  We will use a "trusted requestor" process.  With this process, the requestor will bear the responsibility for requesting data for HIPAA compliant purposes.  This process does not apply to requests for PHI regarding a patient's treatment and payment for that treatment.

If you have any questions, please contact the HIPAA Program Office at 4-9716.

Back to Guidances

Call 4-9716 for more details.

PDF version