Job Description Updates for Current Employees – HIPAA/PHI Compliance

To: All Principal Investigators

The RCUH is relying on individual schools and projects to comply with all Health Insurance Portability and Accountability Act (HIPAA) and Protected Health information (PHI) privacy, security and breach notification rules pursuant to the requirements set forward by the U.S. Department of Health & Human Services.

The RCUH is currently reviewing job descriptions of all current employees to identify potential positions that handle HIPAA and/or PHI. All employees that handle or have access to HIPAA/PHI must have their job descriptions updated and signed with the following:

  • Policy and/or Regulatory Requirements:  As a condition of employment, incumbent will be subject to all applicable RCUH policies and procedures and as applicable subject to University of Hawaii's and/or business entity's policies and procedures.  Violation of RCUH's, UH's, or business entity's policies and/or procedures or applicable State or Federal laws and/or regulations may lead to disciplinary action (including, but not limited to possible termination of employment, personal fines, civil and/or criminal penalties, etc.).
  • Must complete University of Hawaii's and business entity's training relating to HIPAA/PHI privacy and security relating training as soon as possible but not later than the first six (6) months of the new hire probation period. Must maintain a current status on University and/or business entity's training requirements.
  • A post offer criminal background check.


The RCUH will also require the following from the employee’s Principal Investigator:

  • A copy of the project’s HIPAA/PHI policy and training requirements.

  • Contact information of the project’s Security Officer.

  • A copy of the certification of the employee’s completion of HIPAA/PHI training.

  • A signed memo from the Principal Investigator confirming that the project will be directly responsible to ensure the RCUH employee’s full compliance with all established HIPAA/PHI laws and the project’s HIPAA/PHI policies and procedures, and that in the event of a data breach, the project will take necessary and timely action to inform the appropriate parties, including the RCUH Human Resources Department.

If your project has employee(s) that handle and/or have access to HIPAA/PHI, please contact Stacie Kondo ([email protected], (808) 956-8953) to process your employee(s)’ job description updates.