The University of Arizona

HIPAA Privacy Program

Report Misconduct

University Ethics and Compliance Hotline:


HIPAA Privacy Links

Report a Privacy Incident

Submit a Business Associate Agreement Request
Submit a Data Use Agreement Request

HIPAA training questions?
Call: 520.626.4444

Contact the HIPAA Privacy Program
Katherine Georger, JD, CHC, CHRC, CIPP/US
HIPAA Privacy Officer
Phone: 520.621.1465
Fax: 520.621.3355

Street Address:
1618 E. Helen Street
Tucson, AZ 85719

Mailing Address:
Attn: Privacy Officer
The University of Arizona
PO Box 210409
Tucson, AZ 85721

*Subscribe to the HIPAA Program listserv

HIPAA Privacy Program Updates
HIPAA Training now in UAccess Learning
*NEW: HIPAA Data Reference Guide
*NEW: Report a Privacy Incident

HIPAA in the News
HIPAA Enforcement Activities
HHS Off for Civil Rights YouTube Channel

Welcome to the University of Arizona HIPAA Privacy Program

The University of Arizona (UA) HIPAA Privacy Program (HPP), led by the HIPAA Privacy Officer, oversees all ongoing activities related to UA’s implementation of HIPAA policies and procedures and is the office primarily responsible for ensuring UA’s HIPAA compliance. The UA HIPAA Privacy Officer is the Privacy Officer for designated UA departments and clinics and is responsible for developing and implementing relevant procedures, training and educational materials, and responding to privacy breaches.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the American Recovery and Reinvestment Act of 2009 (ARRA), and all regulations promulgated thereunder, regulate the protection of private health information for individuals. These rules and regulations set standards for the uses and disclosures of all protected health information (PHI) obtained from a covered entity or a business associate of a covered entity. 

Hybrid Entity Status: UA is a Hybrid Entity and has designated Health Care Components in accordance with 45 CFR § 164.105. These Health Care Components must comply with HIPAA (45 CFR Parts 160, 162 and 164) and all regulations promulgated thereunder, as may be amended from time to time. If you have questions about whether you, your department, or your program is a HIPAA covered entity, please read our guidance about standard transactions (Link).

Researchers: please note that all research studies involving PHI must obtain either an individual’s authorization to access their information, granted by the entity that maintains the PHI, or without individual authorization under limited circumstances set forth in the Privacy Rule (e.g. an IRB-approved waiver of authorization).