Dated: October 10, 2025
Supersedes: None
Last Review: October 10, 2025

I. PURPOSE

The purpose of this policy is to ensure that all students abide by the Health Insurance Portability and Accountability Act (HIPAA).  HIPAA compliance includes maintaining the confidentiality of paper and electronic health records.

It is critical that physicians and medical students maintain patient confidentiality, as it is essential to the patient-doctor relationship and to preserving the trust that society has placed in physicians.

II. POLICY

It is the policy of New York Medical College (“NYMC”) School of Medicine (“SOM”) that all students must follow HIPAA rules when participating in clinical activities at affiliated hospitals and outpatient practices.  HIPAA compliance includes maintaining the confidentiality of paper and electronic health records. When violations of HIPAA by a student are identified by a hospital, clinic, physician’s office, etc., the violation will be reviewed by the SAPRC, which may result in remediation and/or sanctions, up to and including dismissal.

There are no restrictions on the use or disclosure of de-identified health information.

III. SCOPE

This policy applies to all NYMC SOM students.

IV. DEFINITIONS

A. HIPAA: Health Insurance Portability and Accountability Act

B. SAPRC: Student Advancement, Promotions, and Review Committee

C. PHI: Protected Health Information, which includes:

  • Personal identifiers, like name, address, birth date, and Social Security Number
  • Past, present, or future physical or mental health condition 
  • Health care provided to the patient 
  • The past, present, or future payment for health care provided to the patient

D. De-Identified Health Information: health information that neither identifies nor provides a reasonable basis to identify an individual. De-identification can be done either: 1) formally by a statistician; or 2) by the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers.

V. PROCEDURE

A. Students will attest to this policy annually.

B. When there is a question regarding patient confidentiality, students should consult with the course director, clerkship directors, clinical faculty, or medical ethics faculty.

C. When a concern that a student has violated the confidentiality of a patient arises, the relevant course or clerkship director will determine the validity of the concern. The faculty member will first determine if patient confidentiality has been violated.

1. If it is determined that there has been no violation of patient confidentiality, no further action may be taken. 
2. If it is determined that patient confidentiality has been violated, the faculty member will then determine the circumstances of the violation, including, for example, whether or not the student believed he or she was acting in good faith. In making this determination, the faculty member will take into account that the student's understanding of patient confidentiality may be limited by his or her level of training on the topic. 

a. If the faculty member concludes that the student acted in good faith, the faculty member will discuss the matter with the student, help the student learn from the experience, and find an appropriate resolution with the goal of creating an educational, rather than a disciplinary, experience. 
b. If the faculty member concludes that the student acted in bad faith, then the faculty member will refer the student to the SAPRC for further evaluation, which may result in remediation and/or sanctions, up to and including dismissal.

VI. EFFECTIVE DATE

This policy is effective immediately.

VII. POLICY MANAGEMENT

Responsible Executive: Dean, School of Medicine
Responsible Office: Office of Undergraduate Medical Education