SharkBytes Archives


Division of Public Relations and Marketing Communications
Nova Southeastern University
3301 College Avenue
Fort Lauderdale, Florida 33314-7796

(954) 262-5353
(800) 541-6682 x25353
Fax: (954) 262-3954

2013 Updated HIPAA Security Information

The Office of Information Technology Security is pleased to bring you this update regarding HIPAA Security. It is important that all NSU faculty, staff, students, and other computer users that come into contact with electronic patient data understand what the HIPAA Security rule requires and comply with the policies and procedures that have been put in place.

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:

  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information

The Final Rule on Security Standards was issued on February 20, 2003. It took effect on April 21, 2003 with a compliance date of April 21, 2005 for most covered entities and April 21, 2006 for “small plans.” The Security Rule complements the Privacy Rule.

These safeguards, when applied well, can help you avoid some of the common security gaps that lead to cyber-attack or data loss. They can protect the people, information, technology, and facilities that you may depend on to carry out your primary mission: helping your patients.

The HIPAA Security Rule requires covered providers to implement security measures, which help protect patients’ privacy by creating the conditions for patient health information to be available but not be improperly used or disclosed.

While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications.

Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications.

The important thing to do if you suspect a breach has occurred is to notify the proper authorities immediately. Here at NSU, there are several ways to ensure that you have reported a suspected breach properly, they include:

  • Call the NSU HIPAA Security Officer at (954) 262-4643,
  • Call the HIPAA Security Team Hotline at (954) 262-0448,
  • Call the NSU Privacy Officer directly at (954)262-4302; or
  • Call the Anonymous Compliance Hotline at phone:  888-609-NOVA (6682) – Toll free, (Available 24 hours a day, 7 days a week)

Who do I call if I have questions about HIPAA Security?

The NSU Chief Information Security Officer/NSU HIPAA Security Officer (John Christly) is available if you have questions about HIPAA Security. This includes questions on existing processes or functions you perform as well as new processes, programs, or initiatives you are considering that involve patients and electronic protected health information (PHI). You can contact John at (954)262- 4643 or via email at

To view the complete version of the 2013 Updated HIPAA Security Information form. Click here