User login


HIPAA Privacy Rule and Patient Rights

 Effective Date:  November 2018



Policy Statement

Columbia University’s Healthcare Component (CUHC) will comply with all regulatory requirements including Patient Rights as set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and amended by the Health Information Technology for Economic and Clinical Health Act (HITECH).


Reason(s) for the Policy

The HIPAA Privacy Rule affords patient rights related to their health information including rights to examine and obtain a copy of their health records and to request corrections to their health information.  This policy informs workforce members how Columbia administers the patient privacy rights as required by the HIPAA Privacy Rule.


Primary Guidance to Which This Policy Responds

HIPAA Rule 45 CFR Parts 160 and 164 subparts A and E


Responsible University Office & Officer

Office of HIPAA Compliance, Chief Privacy Officer

ColumbiaDoctors, Director, Health Information Management


Revision History

Issued: December 2003

Revised: September  2017, November 2018  


Who is governed by this Policy?

All CUHC workforce members


Who Should Know This Policy?

All CUHC workforce members


Exclusions & Special Situations



Policy Text

To see the full text of this policy, please use the link on the right.