Aerial view of campus at sunset

HIPAA and Healthcare Compliance

Montclair State University adopted a HIPAA Privacy Policy and a HIPAA Security Policy to establish its obligations concerning the retention, use and non-disclosure of protected health information (“PHI”) in conformance with the Health Insurance Portability and Accountability Act of 1996, its implementing regulations as amended in 2013, and the Health Information Technology for Economic and Clinical Health Act of 2009.

This policy does not apply to health information contained within education records covered under the Federal Education Right and Privacy Act (“FERPA”).

The Compliance Plan of Montclair State University’s Healthcare Components (the “Compliance Plan” or “Plan”) is intended to demonstrate the Healthcare Components Committee’s commitment to the highest standards of ethics and legal and regulatory compliance. The elements of the Plan generally include establishing compliance and practice standards to prevent erroneous or fraudulent conduct, communicating the standards to employees, responding to detected violations, enforcing disciplinary standards, developing open lines of communication, monitoring and auditing, and maintaining an environment that supports the Plan.

Who is subject to this policy?
Montclair State University is designated as a hybrid entity under HIPAA. Certain programs of the University are healthcare components because they provide treatment in a University created clinic or program and submit claims to federal or state reimbursement programs or private health insurance carriers for payment. Below is a list of the programs within the University that have been designated as healthcare components and that are subjected to HIPAA and obligated to comply with the HIPAA Privacy Policy and Healthcare Compliance Plan.

  • Center for Audiology and Speech-Language Pathology
  • Center for Autism and Early Childhood Mental Health
  • Jeffrey Dworkin Early Intervention Program
  • University Health Center (UHC)
Privacy Notice
The University’s Privacy Notice describes how medical information about patients can be used and disclosed and how to gain access to this information. All healthcare components of the University are required to provide a copy of the Privacy Notice to individuals using their services, and obtain their signature to an Acknowledgment of Receipt of the Privacy Notice. The Privacy Notice and Acknowledgment can be found as an exhibit to the HIPAA Privacy Policy and as a separate Privacy Notice and Acknowledgment Form
All faculty and staff (including student clinical trainees and paid student workers) who access PHI are required to complete training concerning the HIPAA Privacy Policy.

The University’s Privacy Officer is responsible for providing training and must ensure that all employees, agents and students within the healthcare components have completed the EVERFI Program or an alternative training. The initial training program will be assigned to faculty, staff and paid students upon hire via email. Unpaid student trainees will be assigned training by their Clinical Directors.

Training will roll out in May and be reassigned annually. Once assigned the course in EVERFI, assignees have two weeks to complete it. Noncompliance will be reported to the clinical supervisor.

The University’s HIPAA Privacy Policy requires an individual who wishes to obtain a copy of PHI to sign a written authorization. Download the University’s Authorization Form.

Any healthcare component of the University that enters into a contract with a third party that will be provided access to PHI must sign a business associate agreement (“BAA”). The University’s form of BAA can be emailed upon request to

If you have any questions regarding MSU’s HIPAA Privacy Policy, are concerned that a breach of PHI may have occurred, or wish to file a complaint concerning the University’s Notice of Privacy Practices, please do not hesitate to contact the University’s Privacy Officer at:

Privacy Officer
Montclair State University
Academic Affairs
1 Normal Avenue, Montclair, NJ 07043
Phone: 973-655-7781

If you have any questions regarding MSU’s HIPAA Security Policy, are concerned that a breach of electronic PHI may have occurred, or wish to file a complaint concerning the University’s Notice of Privacy Practices, please do not hesitate to contact the University’s Security Officer at:

Security Officer