HIPAA Resources
- HR 2011-07
- HIPAA Policy & Addendum
- HIPAA Privacy Manual
- CSU Information Security Policies
- CSU Privacy Notice
- HIPAA Authorization Form
- CSU Business Associate Agreement
- HIPAA Training Materials
- HIPAA Webcast Training
- HIPAA Privacy and Security Regulations
- The HITECH Act
- "Top Ten List of Good Security Practices"
- Breach Notification & Plan
HIPAA Portal
Welcome to the Systemwide HIPAA Portal. This site is designed for HIPAA Privacy and Security Representatives at CSU campuses, including Information Security Officers (ISO).
The California State University is mandated by federal law to comply with the federal Standards for Privacy and Security of
physical and electronic Individually Identifiable Health Information under Title II of the Health Insurance Portability and
Accountability Act of 1996 (known as HIPAA), as amended by the
Health Information Technology for Economic and Clinical Health
(HITECH) Act (Title XIII, Subtitle D of the
American Recovery and Reinvestment Act of 2009).
The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information
(PHI), including individual medical records and sets limits and conditions on the uses and disclosures that may be
made of such information. At the CSU, the HIPAA
Privacy Rule is enforced by the CSU HIPAA Privacy Official within Human Resources Management (HRM), in the
Chancellor's Office:
CSU HIPAA Privacy Official:
Michelle Hamilton
CSU Office of the Chancellor,
Human Resources Management
401 Golden Shore,
Long Beach, CA 90802
Phone: (562) 951-4413 or (562) 951-4411
Facsimile: (562) 951-4954
E-mail: mhamilton@calstate.edu
The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic PHI (e-PHI). At the CSU, the HIPAA Security Rule is enforced by the Chief Information Security Officer at the Chancellor's Office, who also serves a dual role as the CSU HIPAA Security Official:
CSU HIPAA Security Official:
William Perry
CSU Office of the Chancellor, Information Security Office
401 Golden Shore,
Long Beach, CA 90802
(562) 951-4638
Facsimile: (562) 951-4391
E-mail: wperry@calstate.edu
If a breach of physical PHI or ePHI occurs, it must be reported immediately upon discovery to the CSU HIPAA Privacy and CSU HIPAA Security Officials listed above, in addition to the campus Information Security Officer (ISO).
For additional information regarding HIPAA, as amended by HITECH, please refer to the links listed under HIPAA Resources.
