Wheeling Jesuit University

Human Resources

Human Resources Home
Policies Home
  Campus Life
  Physical Plant
  Human Resources
  Mission & Ministry
  Campus Safety &   Security


  Title IX Site
   Grievance Procedure

Email: hr@wju.edu
Phone: 1-304-243-8152

Workplace Practices: Medical Files/Health Insurance Portability and Accountability Act (HIPAA)

Date approved:
August 2011
Approved by:
William Rickle, S.J.
Date to be reviewed:
Feb. 2016
Reviewed by:
Director of Human Resources
Date revised:
Jan. 2015
Revision number:
Compliance Committee:
As Scheduled

Image of a printer icon that allows you to click and print the page.


Wheeling Jesuit University will comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect employee's medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. This policy will serve as the University's Privacy Notice.


2.1 Definition

Definitions: "Individually Identifiable Health Information" - Any information that relates to a specifically identifiable individual and includes demographic data and information that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual such as:

  • Health care claims or health care encounter information, such as documentation of doctor's visits and notes made by physicians and other provider staff;
  • Health care payment and remittance;
  • Coordination of health care benefits;
  • Health care claim status;
  • Enrollment and disenrollment in a health plan;
  • Eligibility for a health plan;
  • Health plan premium payments;
  • Referral certifications and authorization;
  • First report of injury;
  • Health claims attachments.
"Protected Health Information - The HIPAA Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information." "De-identified Health Information" - There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual's relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual. The University employs option two (2).

2.2 Wheeling Jesuit University will take appropriate actions to protect against unauthorized disclosure of any individually identifiable health information that pertains to an employee's health care services. Appropriate physical and technical safeguards will be implemented to protect against unauthorized disclosure of personally-identifiable health information.

2.3 As a covered entity (a company health plan), the University, as defined by the Health Insurance Portability and Accountability Act (HIPAA), is required by law to maintain the privacy of protected health information. The areas of the University that handle protected health information will require HIPAA Privacy Training for all employees who work with protected personally identifiable health information. Employees in those areas will be advised and trained and the individual identifiable health information will be treated as "private-confidential."

2.4 Employees must not use e-mail to send information or ask questions related to protected individually identifiable health information due to privacy issues addressed in HIPAA. All questions should be directed to the Human Resources Department in person or by confidential university mail.

2.5 Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual's authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations. Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make. All information used for health care operations, such as a census to obtain health care quotes, will be de-identified health information only.

2.6 If an employee believes that his/her privacy has been violated under this policy, s/he should contact Human Resources immediately to resolve the complaint. If the issue is not resolved to his/her satisfaction, the employee should follow the University's Dispute Resolution Procedure to resolve his/her complaint.

2.7 No employee may intimidate, threaten, coerce, discriminate against, or take other retaliatory action against individuals for exercising their rights, filing a complaint, participating in an investigation, or opposing any improper practice under HIPAA. No individual shall be required to waive his or her privacy rights under HIPAA as a condition of treatment, payment, enrollment or eligibility.

2.9 Corrective Action Disclosure of any protected personally-identifiable health information outside the parameters of allowable uses may be grounds for corrective action up to and including immediate termination.


The Director of Human Resources has the authority to change, modify or approve exceptions to this policy at any time with or without notice, in compliance with DHHS guidelines, and with the approval of the Board of Directors through the University President or his designee.


U.S. Department of Health and Human Services - Health Information Privacy
U.S. Department of Health and Human Services Report - "Protecting Personal Health Information in Research: Understanding the HIPPA Privacy Rule"
U.S. Department of Health and Human Service "Summary of the HIPAA Privacy Rule".
Dispute Resolution Policy
Corrective Action Policy

Job Opportunities | Calendar | President's Welcome | Virtual Campus Tour | Services | Financial Aid | Campus Directory | Title IX | Apply Online

© 2015 Wheeling Jesuit University, Inc. • 316 Washington Avenue • Wheeling • West Virginia • 26003 • 304-243-2000 • Legal
Website Powered by ActiveCampus™ Software by Datatel