The University of North Carolina at Chapel Hill

Campus E-mail and Onyen Assignment

HIPAA

[draft]

Faculty, staff and students who are subject to Health Insurance Portability & Accountability Act (HIPAA) regulations will require additional measures to ensure the University�s compliance with HIPAA. The ITS security officer will work with the relevant schools and departments to identify individuals who are subject to the HIPAA requirements. An attribute will be added to the directory that identifies an individual who is affiliated with a HIPAA subject entity. The following restrictions will apply to these individuals:

No forwarding from an Onyen e-mail account will be allowed, except to a trusted HIPAA domain within unc.edu. This includes the forwarding of e-mail to mobile devices through an outside mail server. (An alias will only be allowed to the Onyen e-mail, or a trusted HIPAA domain within unc.edu.)
All outgoing e-mail, from accounts subject to HIPAA regulations, will be routed through a tool that provides audibility and HIPAA compliance.
The e-mail address published in the directory will be onyen@email.unc.edu, or an alias. A visual indicator that this individual is subject to HIPAA regulations will be displayed in the search results on the UNC Enterprise Directory web page.
A searchable �HIPAA address book� will be maintained for these individuals. Other HIPAA entities will be able to configure their e-mail clients to retrieve contact information from this subset of the campus directory, knowing that the recipient will not be allowed to do automatic forwarding of e-mail.

last modified 4 August 2005