The Health Insurance Portability and Accountability Act of 1996 (HIPAA)


HIPAA regulations are applicable to anyone at Rowan University depending upon their job responsibilities, which includes having direct or indirect access to patients or their health information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains provisions to protect the confidentiality and security of personally-identifiable information that arises in the course of providing health care. Faculty, staff, students and residents must complete the HIPAA basic training and HIPAA and Medical Research training if their study involves access to patients and health information with or without the use of identifiers.

HIPAA and Medical Research

Health Insurance Portability and Accountability Act (HIPAA) Data / Protected Health Information (PHI)

If your research will access and/or use patient HIPAA/PHI data, whether it is from a RowanMedicine clinical practice or external, non-Rowan entity, in a prospective or retrospective chart review IRB study, then HIPAA training must be completed and certficates attached for each researcher in the IRB submission.

Rowan University Office of Compliance & Corporate Integrity (OCCI) is the office responsible for oversight related to the access and use of RowanMedicine HIPAA/PHI data and information. Any HIPAA/PHI data that will be used for research purposes and coming from a non-Rowan, external institution may require a Data Use Agreement. Access, use, storage and disposal of HIPAA/PHI data governed by a Data Use Agreement between Rowan and the non-Rowan, external institution must be incorporated into the IRB protocol and submission.

Faculty and Staff Training

Faculty and staff complete HIPAA training (113 & 109) via Rowan University Office of Compliance & Corporate Integrity Training Portal and more information can be found about how to gain access to and complete HIPAA training via the link below. HIPAA training should cover the following topics: 1) HIPAA Research, 2) Law Enforcement Uses and Disclosures, 3) Patient Rights, 4) Privacy Rule, 5) Security Rule, and 6) Violations and Penalties. Note: HIPAA 113 training is composed of five (5) separate modules, titled as in Rowan OCCI's online learning platform, HealthStream: HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Patient Rights, HIPAA Violations and Penalties, and HIPAA Law Enforcement Uses and Disclosures.

Student Training

Student HIPAA 101 and 109 training can be completed via KnowBe4. For student training, the Rowan faculty Principal Investigator (PI) or designee of PI must submit a list of students that will be identified as research personnel in an IRB submission and submit a request to Rowan IRT Support. HIPAA training (101 & 109) will be assigned to student(s).

To open a ticket with the Information Security Office you can email support@rowan.edu

If 1-5 students need to be added, write the following in the ticket:

Please assign <Name> <Email> (<BannerID>) (Enrollement Year i.e 2022) to KnowBe4 HIPAA OCCI109 training

If there are more than 5 students that need to be added please attach an Excel sheet with the student's information and write the following in the ticket:

Please assign students to KnowBe4 HIPAA OCCI109 training. Attached is an Excel sheet with the student's information.

Links for information and access to training applications are listed below.