The HIPAA/HITECH Act now requires any entity that handles protected health information (PHI) to report breaches, whether in paper or electronic form. For colleges and universities with employee health plans or student health centers, this means complying with various aspects of the HIPAA privacy, security, and HITECH rules. But what is PHI? How do institutions address PHI in both paper and electronic form? What are the breach-notification requirements? Where do you start? This session will provide a practical overview of how to comply with the game-changing HIPAA legislation.