Health Insurance Portability and Accountability Act (HIPAA)

Health Information Privacy at GW refers to the processes and methodologies that are designed and implemented to protect print, electronic, or all forms of health information from unauthorized access, use, misuse, disclosure, destruction, modification or disruption.

We work closely with the GW community to reduce the risks to our health information by:

  • Classifying protected health information (PHI) per the Health Insurance Portability and Accountability Act (HIPAA) and applying the required HIPAA security and privacy safeguards
  • Classifying health information that is not defined as protected health information (PHI) and applying appropriate information security safeguards
  • Inventorying our PHI and health information
  • Providing a dedicated GW HIPAA Privacy Officer
  • Establishment of the GW HIPAA Oversight Committee
  • Establishment of the Joint HIPAA Advisory Committee

GW HIPAA Oversight Committee

The GW HIPAA Oversight Committee works toward HIPAA Compliance by providing oversight and leadership to GW schools and divisions in HIPAA matters.  In practice these responsibilities are carried out by performing the following functions:

  • Monitoring and reviewing of current and new HIPAA initiatives at GW
  • Advising on emergent issues
  • Providing direction and guidance on initiatives

We chair the committee, which is made up of representatives from the following schools and divisions:

  • School of Medicine and Health Sciences
  • School of Nursing
  • Milken Institute School of Public Health
  • Health Clinics and Counseling
  • Grateful Patient Funding Program
  • Benefits Administration
  • External Relations
  • Division of IT
  • Office of General Counsel
  • EMeRG
  • Research

Joint HIPAA Advisory Committee

The Joint HIPAA Advisory Committee serves as a mechanism for oversight, communication and response regarding HIPAA-related issues that cross GW, Medical Faculty Associates, Inc. (MFA) and GW Hospital (Hospital).   

In the areas where the three organizations have integrated operations and/or “touch points,” the committee coordinates, cooperates and monitors compliance requirements, breach responses/remediation and recommends resolution for any unresolved HIPAA issues.

We are dedicated to supporting each other’s HIPAA compliance efforts by sharing resources and information in the education and administration of health services.