I work with health-related information that must be kept secure and private. What options does IU offer?

UITS Research Technologies provide several systems and services that meet the requirements for the HIPAA Security Rules, which means that you are able to use them for research data that contain certain Protected Health Information (PHI). You can review the RCUITS Research Technologies systems and servicesSystems & services that meet requirements for the HIPAA Security Rule RC UITS Research Technologies systems and services and learn more about the options available and how to meet necessary requirements.

The RCData Storage FinderTool to guide to you the best data storage options RC Data Storage Finder tool can also help you to determine which storage and compute options are available that meet the requirements for the HIPAA Security Rules.

In particular, all personnel, including volunteers, in an IU HIPAA Affected Area or students in programs in certain health science schools, are required to obtain training related to the regulatory obligations under the HIPAA Privacy and Security Rules. This RCHIPAA TrainingRequired training for personnel in any IU HIPAA Affected Area RC HIPAA Training is also recommended for those managing student or employee administrative health data.

Please keep in mind that in order to use these resources, you will also need to institute additional administrative, physical, and technical safeguards that complement the ones UITS already has in place. Failure to comply with HIPAA requirements can result in civil and criminal penalties, as well as disciplinary action through Indiana University, so it is essential that you understand and take the appropriate steps to protect your research data.