Welcome to the Northern Arizona University HIPAA Privacy Program

The Northern Arizona University HIPAA Privacy Program oversees all ongoing activities related to NAU's implementation of HIPAA policies and procedures and is the office primarily responsible for ensuring NAU's HIPAA compliance. The NAU Privacy Officer is responsible for developing and implementing relevant procedures, training, and educational materials, and responding to privacy breaches for designated departments and clinics.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the American Recovery and Reinvestment Act of 2009 (ARRA), and all regulations promulgated there under regulate the protection of private health information for individuals. These rules and regulations set standards for the uses and disclosures of all protected health information (PHI) obtained from a covered entity or a business associate of a covered entity.

Hybrid Entity Status: 

NAU is a Hybrid Entity and has designated Health Care Components in accordance with 45 CFR § 164.105. These Health Care Components must comply with HIPAA (45 CFR Aprts 160, 162, and 164) and all regulations promulgated thereunder, as may be amended from time to time.