The University of Arizona

HIPAA Privacy Program

Hotline Graphic

HIPAA Privacy Links

Report a Privacy Incident

Submit a Business Associate Agreement Request

HIPAA Data Reference Guide


Department Email

John Howard, JD
Director, HIPAA Privacy Program
HIPAA Privacy Officer

Bill Murphy, CISSP
HIPAA Security Specialist

Suzie Williams
HIPAA Privacy Analyst

Fax: 520.621.3355

Street Address:
1618 E. Helen Street
Tucson, AZ 85719

Mailing Address:
Attn: Privacy Officer
The University of Arizona
PO Box 210409
Tucson, AZ 85721

*Subscribe to the HIPAA Program listserv

HIPAA in the News
Enforcement Activities
Office for Civil Rights YouTube Channel

Welcome to the University of Arizona HIPAA Privacy Program

The University of Arizona (UA) HIPAA Privacy Program (HPP), led by the Director of the HIPAA Privacy Program, oversees all ongoing activities related to UA’s implementation of HIPAA policies and procedures and is the office primarily responsible for ensuring UA’s HIPAA compliance. The UA Director of the HIPAA Privacy Program is the Privacy Officer for designated UA departments and clinics and is responsible for developing and implementing relevant procedures, training and educational materials, and responding to privacy breaches.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the American Recovery and Reinvestment Act of 2009 (ARRA), and all regulations promulgated thereunder, regulate the protection of private health information for individuals. These rules and regulations set standards for the uses and disclosures of all protected health information (PHI) obtained from a covered entity or a business associate of a covered entity. 

Hybrid Entity Status: UA is a Hybrid Entity and has designated Health Care Components in accordance with 45 CFR § 164.105. These Health Care Components must comply with HIPAA (45 CFR Parts 160, 162 and 164) and all regulations promulgated thereunder, as may be amended from time to time. If you have questions about whether you, your department, or your program is a HIPAA covered entity, please contact the HIPAA Privacy Office to discuss.

Researchers: please note that all research studies involving PHI must obtain either an individual’s authorization to access their information, granted by the entity that maintains the PHI, or without individual authorization under limited circumstances set forth in the Privacy Rule (e.g. an IRB-approved waiver of authorization).