Information Security maintains the HIPAA Security Rule, which needs to be signed by all individuals at the University who have access to Protected Health Information (PHI). The Security Rule consists of the HIPAA Security Awareness Training and the HIPAA Policy Compliance Agreement. Before access to any server containing electronic Protected Health Information (ePHI) is granted to an individual, Information Security will verify that person has signed the HIPAA Security Rule.