The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes national standards for protecting the privacy and security of health information and defines specific rights for individuals regarding their health information. Individually identifiable health information created or received by a covered entity qualifies as protected health information (PHI) and is subject to the rules and regulations of HIPAA.

The University of Tennessee is a single legal entity that performs both covered and non-covered functions and has therefore elected to be a hybrid entity under HIPAA. HIPAA allows a covered entity to disclose PHI to external parties, e.g., business associates, if the parties enter into a Business Associate Agreement, which obligates the business associate to take appropriate steps to safeguard the information consistent with HIPAA guidelines.

In compliance with the Act, the UT System has assigned a privacy officer to be responsible for our compliance efforts. The contact information is given above. For other HIPAA resource information, please refer to HIPAA Links provided on this page.

HIPAA Privacy Officer

Shauna Jennings
William Snodgrass Tennessee Tower
Nashville, TN 37243
Phone: 615-667-6687

HIPAA Security Officer

Robert Ridenour
Kingston Pike Bldg.
Knoxville, TN 37996
Phone: 865-974-0637