Welcome to BU’s HIPAA and Health Information Privacy Resources Site

This site contains information for BU’s HIPAA Covered Components and HIPAA Covered Health Plans on how to comply with HIPAA. It is also a helpful resource for members of the BU community who provide services to or otherwise support the Covered Components.

Please visit Policies for BU Health Care Providers to find BU’s University-wide HIPAA policies. Other pages on this site contain forms for each Covered Component, training materials, and other helpful information.

Understand Your Privacy Rights

PATIENTS: If you are a patient of a BU health care provider and wish to understand your privacy rights, please talk to your provider, or visit the provider’s website. Not all of BU health care providers are subject to HIPAA, but all respect the privacy of your individually identifiable health information as a matter of state law, professional ethics, and BU policy.

STUDENTS: Please contact the BU Student Health Center with any questions about the privacy of your medical records. Student Health records are subject to FERPA. They are not subject to HIPAA’s Privacy and Security rules or to the policies found on this website.

BU Operational Units Subject to HIPAA

  • The BU Health Plans (health insurance, dental insurance and flexible benefit plans for BU employees and their dependents)
  • The following BU Health Care Providers:
    1. The Albert & Jessie Danielsen Institute at Boston University,
    2. Boston University Rehabilitation Services (including the BU Physical Therapy Center and BU Center for Neurorehabilitation),
    3. Sargent Choice Nutrition Center,
    4. Henry M. Goldman School of Dental Medicine Patient Treatment Centers,
    5. BU Dental Health Center.
  • BU’s Designation of Covered Components is found here

BU HIPAA Privacy and Security Officers

BU HIPAA Privacy Officer: Jessica Captain Novick, jcaptain@bu.edu
Security Officer: David Corbett, corbettd@bu.edu

Questions about HIPAA?

Explore this site, and if you don’t find the information you need, email HIPAA@bu.edu for quick answers.


HIPAA Contacts

BU HIPAA Sharepoint Site


Report a Possible Breach

The Incident Response Team receives reports of potential HIPAA breaches and you can email them directly at irt@bu.edu.
Report a potential breach

If you have reason to believe that violations of BU policy or improper conduct has occurred, please visit the Compliance site for information on the various ways to report your concern.