HIPAA stands for Health Insurance Portability and Accountability Act. It provides federal protections for personal health information held by covered entities (in this case UNC). HIPAA gives patients rights in respect to this information. The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards to ensure confidentiality, integrity, and availability of electronic protected health infromation or e-PHI. The security rule is designed to be flexible and scalable so a covered entity can implement policies, procedures and technologies that are appropriate for the entity's particular size, organizational structure, and risks to consumers.
As a covered entity UNC has a responsibility to protect e-PHIs. This includes the following: