​​

Health Insurance Portability and Accountability Act (HIPAA)

This site is designed for HIPAA Privacy and Security Representatives at CSU campuses, including Information Security Officers (ISO).

The California State University is mandated by federal law to comply with the federal Standards for Privacy and Security of physical and electronic Individually Identifiable Health Information under Title II of the Health Insurance Portability and Accountability Act of 1996 (known as HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act (Title XIII, Subtitle D of the American Recovery and Reinvestment Act of 2009).

The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information (PHI), including individual medical records and sets limits and conditions on the uses and disclosures that may be made of such information. At the CSU, the HIPAA Privacy Rule is enforced by the CSU HIPAA Privacy Official within Human Resources Management (HRM), in the Chancellor's Office:

CSU HIPAA Privacy Official

Beth R​yan

CSU Office of the Chancellor, Human Resources Management
401 Golden Shore, Long Beach, CA 90802
Phone: (562) 951-4414 or (562) ​951-4411
Facsimile: (562) 951-4695

The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic PHI (e-PHI). At the CSU, the HIPAA Security Rule is enforced by the Chief Information Security Officer at the Chancellor's Office, who also serves a dual role as the CSU HIPAA Security Official:

CSU HIPAA Security Official
Josh Callahan
CSU Office of the Chancellor, Information Security Office 
401 Golden Shore, Long Beach, CA 90802
(562) 951-4193

If a breach of physical PHI or ePHI occurs, it must be reported immediately upon discovery to the CSU HIPAA Privacy and CSU HIPAA Security Officials listed above, in addition to the campus Information Security Officer (ISO).

For additional information regarding HIPAA, as amended by HITECH, please refer to the links listed under HIPAA Resources.