The Office of Student Affairs reminds all students and staff of the policy regarding the application of HIPAA to the accessing of medical records, quoted below.


HIPAA provisions apply to access of electronic medical records.  Memorial Hermann Hospital's information security system records the identity of each individual who accesses records.  Inappropriate access is an infraction of Medical School and University policies and will be dealt with as a breach of professionalism.


If you have accessed the record of a patient not in your care, please contact the Office of Student Affairs and provide in writing an account of the particulars. 


“Students at The University of Texas Health Science Center at Houston are given access to medical charts and records and computer systems that contain protected health information as defined by University Privacy Policies (; see UPP 6.03(5)(b)) and the Health Insurance Portability and Accountability Act’s Privacy Standards (45 CFR §§ 160, 164, et. seq., “HIPAA”).  Students may only access, review, utilize, or disclose protected health information directly related to their studies and consistent with University policies and procedures.  Students must complete HIPAA training prior to accessing, reviewing, utilizing, and/or disclosing protected health information. 


It is expressly prohibited for student to access, review, use, and/or disclose protected health information not directly related to their regular assigned academic work, including access and/or review of their own protected health information, and the protected health information of friends, acquaintances, relatives, persons of notoriety or public interest, etc. 


Failure to strictly follow University privacy policies may result in disciplinary action, including, but not limited to the limitation or denial of access to computer systems containing protected health information (including access for regular academic work), suspension, probation, or dismissal.”