Disaster Recovery: Health Information Portability and Accountability Act (HIPAA)

The Health Information Portability and Accountability Act of 1996 (HIPAA) requires organizations falling under its regulations to take "reasonable" measures in providing disaster recovery solutions. HIPAA does not define what measures must be completed, but it does note that failure to adequately recover from a disaster could lead to noncompliance. Failure to comply inevitably exposes the organization to possible fines. 

For general information on HIPAA or to view the HIPAA policies, please visit http://www.ecu.edu/hipaa/.

If you need to complete HIPAA Privacy and Security training, please login to Blackboard at http://blackboard.ecu.edu/ or if you have questions regarding the training, please contact:

HIPAA Privacy Training (Healthcare workforce members)

If you have specific questions, please contact Joan Kavuru (kavuruj@ecu.edu) or (252) 744-5200.

HIPAA Security Admin Training (Technical staff supporting systems with EPHI)

If you have specific questions, please contact Laverne Williams(williamsla@ecu.edu) or (252) 328-9000.

HIPAA Privacy Officer:

Joan Kavuru is the University Privacy Officer.

If you have specific questions regarding HIPAA Privacy, please contact Joan Kavuru at (252) 744-5200.

HIPAA Security Officer:

Margaret Streeter Umphrey is the University IT Security Officer.

If you have specific questions regarding HIPAA Security, please contact Margaret Streeter Umphrey or Laverne Williams at (252) 328-9000.