Compliance with the Health Insurance Portability and Accountability Act (HIPAA)


The policy is promulgated to assure compliance with the Health Insurance Portability and Accountability Act of 1996 and implementing regulations (“HIPAA”) to the extent applicable to George Mason University.  This policy is in addition to the requirements of the Family Educational Rights and Privacy Act (“FERPA”) and the Virginia Government Data Collection and Dissemination Practices Act (“Privacy Act”).


The University has elected to be a “Hybrid Entity” under HIPAA, and has designated Student Health Services (“SHS”), the College of Health and Human Services MAP Clinics (“MAP Clinics”) and Population Health Center, the Center for Psychological Services, Occupational Health and Well-Being, and the Frank Pettrone Center for Sports Performance as those portions of its operation that perform covered functions and are designated as its “Health Care Components” for HIPAA purposes.  The Health Care Components shall comply with HIPAA and the associated federal regulations to the extent required by law and the federal Joint Guidance on the Application of FERPA and HIPAA to Student Health Records.  The Health Care Components shall maintain all health records of students as required by FERPA and all health records of non-students as required by the HIPAA.

All other components and department of the University are not Health Care Components and, therefore, are not required to comply with HIPAA.  Regardless of the applicability of HIPAA, all University departments and components shall comply with all applicable University policies when collecting, storing, or transmitting health information.


Each Health Care Component shall designate a Privacy Official who shall be responsible for that unit’s compliance with this policy.


     A. Effective Date:

This policy will become effective upon the date of approval by the Senior Vice President and Provost

     B. Date of Most Recent Review


This policy, and any related procedures, shall be reviewed every three years or earlier if required due to a change in related law or guidance.



Senior Vice President


Date approved: January 23, 2007

Revision Approved May 24, 2011

Revised February 16, 2017

Revised May 22, 2022