General Information

The Health Insurance Portability and Accountability Act (HIPAA) covers a variety of issues including the Privacy Rule concerning patients' Protected Health Information (PHI) and the Security Rule governing patients’ electronic PHI (ePHI). The Office of Compliance provides consultation and training for compliance with HIPAA, and serves as a point of contact for the Emory research community.

Online and in-person HIPAA training courses are available.  Please contact the Office of Compliance at (404) 727-2398 or compliance@emory.edu for additional information regarding training.

For information and access to online training, click on the Training tab in the toolbar above or on the HIPAA Training tab on the left-side margin.

HIPAA Rules changes that became effective September 23, 2013 included:

  • Compound Authorizations
  • Authorization of Future Research Use or Disclosure
  • Decedents Information
  • Sale of Protected Health Information

More information

HIPAA policies:

HIPAA Procedures:

Data Transfer Agreements

Data Transfer Agreements (DTAs) are used to transfer human subject data from one institution to another for research purposes.  A DTA is a contract between the providing and recipient institutions that governs the legal obligations and restrictions, as well as compliance with applicable laws and regulations, related to the transfer of such data between parties.