Welcome to BU’s HIPAA and Health Information Privacy Resources Site
This site contains information for BU’s HIPAA Covered Components and HIPAA Covered Health Plans on how to comply with HIPAA. It is also a helpful resource for members of the BU community who provide services to or otherwise support the Covered Components.
Please visit Policies for BU Health Care Providers to find BU’s University-wide HIPAA policies. Other pages on this site contain forms for each Covered Component, training materials, and other helpful information.
Understand Your Privacy Rights
PATIENTS: If you are a patient of a BU health care provider and wish to understand your privacy rights, please talk to your provider, or visit the provider’s website. Not all of BU health care providers are subject to HIPAA, but all respect the privacy of your individually identifiable health information as a matter of state law, professional ethics, and BU policy.
STUDENTS: Please contact the BU Student Health Center with any questions about the privacy of your medical records. Student Health records are subject to FERPA. They are not subject to HIPAA’s Privacy and Security rules or to the policies found on this website.
BU Operational Units Subject to HIPAA
- The BU Health Plans (health insurance, dental insurance and flexible benefit plans for BU employees and their dependents)
- The following BU Health Care Providers:
- The Albert & Jessie Danielsen Institute at Boston University,
- Boston University Rehabilitation Services (including the BU Physical Therapy Center and BU Center for Neurorehabilitation),
- Sargent Choice Nutrition Center,
- Henry M. Goldman School of Dental Medicine Patient Treatment Centers,
- BU Dental Health Center.
- BU’s Designation of Covered Components is found here
BU HIPAA Privacy and Security Officers
BU HIPAA Privacy Officer: Jessica Captain Novick, jcaptain@bu.edu
Security Officer: David Corbett, corbettd@bu.edu
Questions about HIPAA?
Explore this site, and if you don’t find the information you need, email HIPAA@bu.edu for quick answers.
HIPAA Contacts
Report a Possible Breach
HIPAA workforce members should notify their supervisor and/or HIPAA Component Contact. The HIPAA Contact then reports to IT Help Center (ithelp@bu.edu) or the HIPAA Officers (hipaa@bu.edu).
If you have reason to believe that violations of BU policy or improper conduct has occurred, please visit the Compliance site for information on the various ways to report your concern.