
HIPAA Privacy and IT Security Requirements Review



Research proposals (including patient registries) which involve access to, use of, disclosure of or transmission of patient information (PHI or de-identified), colleague information or business confidential/financial data must be properly reviewed and vetted prior to implementation.

Privacy Assessment

The Privacy Assessment is conducted by the Privacy Officer and will focus on what patient data is used, why the data is required and who will require access. This assessment will determine if the use of the information is allowable under state/federal laws, if patient authorization is required and if there is the need for a Business Associate Agreement (BAA) or Data Use Agreement (DUA). BAAs must be reviewed and signed by the Privacy Officer.

Information Security Assessments

Information Security Assessments are required for projects that involve IT systems/devices that reside on or are connected to the Trinity Health Network, or in which data is used, disclosed, transmitted or managed electronically, including via a web-based portal. The Information Security Assessment is conducted by the Information Security Officer. This review is to verify the proposed methods used to encrypt transmitted data and to understand the manner and locations in which data will be stored and accessed.

These reviews help ensure compliance with state and federal laws and regulations including the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the safety of our organizational data and network systems.

For review of your proposal (or project) regarding privacy and IT security assessments, please submit a consultation request.