Boston University has a number of units that offer healthcare to BU employees, BU students, others in the BU community, and/or to the public. All of our healthcare providers respect patient privacy, and all comply with Massachusetts privacy law and the highest of professional ethical standards. Under HIPAA, BU is a “hybrid entity”. BU’s Designation of HIPAA Covered Components is found here: www.bu.edu/hipaa. Healthcare privacy for HIPAA Covered Components and other BU healthcare units is managed through the Research Support Office by the Director of Health Privacy and Compliance.
Additionally, the Massachusetts Health Privacy Law protects the privacy and security of patient records in the University’s other licensed clinics. Those records are Restricted Use data under Boston University’s Data Protection Standards.
Related BU Websites
- HIPAA and Health Information Privacy Resources Website, www.bu.edu/hipaa
BU Resources
Health Information and Research
- HIPAA Information for Charles River Campus Researchers, Guide – includes information on HIPAA and PHI in the research context
- Guidance on Data Security for Boston University Medical Campus Researchers, February 2025 Guide – includes information on HIPAA and PHI in the research context