Loyola University Chicago

HIPAA @ Loyola

Policies and Guidelines




Definition of Breach

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.  An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

  1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the protected health information or to whom the disclosure was made;
  3. Whether the protected health information was actually acquired or viewed; and
  4. The extent to which the risk to the protected health information has been mitigated.

Breach Decision Tree

Use the Breach Decision Tree to determine if a breach has occurred.  Notify datasecurity@luc.edu immediately if a breach is suspected.

COVID-19 HIPAA Privacy Statement

Wellness Center


How We Collect Information About You:

Loyola University Chicago (LUC) and its employees and volunteers collect data through a variety of means including but not necessarily limited to letters, phone calls, emails, and voicemails that are either required by law or necessary to maintain compliance with Federal, State, and City of Chicago guidelines for COVID-19.

What We Do Not Do with Your Information:

COVID-19 information that you provide to us in writing, via email, on the phone (including information left on voicemails), contained in, or attached to applications, or directly or indirectly given to us, is held in strictest confidence.

How We Do Use Your Information:

Information is only used as is reasonably necessary to maintain compliance with Federal, State, and City of Chicago guidelines for COVID-19.  Loyola University Chicago collects and maintains Protected Health Information (PHI) related to COVID-19 in the following manner.

  • Point-n-Click is a medical records system used by the Wellness Center and contains PHI for diagnostic testing and other health services. 
  • data is a contact tracing application used by the Contact Tracers to research positive COVID diagnosis cases and potential exposures for quarantine and contains limited PHI for those purposes.
  • Loyola Health App Admin Functions – Contains COVID-19 testing results/diagnosis related information & vaccine information. Used by the Wellness Center, Contact Tracers, COVID Care Coordinators, COVID Compliance Team
  • Testing Results & Compliance Dashboards - Contains limited PHI, including testing results/diagnosis related information that is also used by the Wellness Center, Contact Tracers, COVID Compliance Team


Information We Do Not Collect:

We do not use cookies on our COVID-19 website or Loyola Health App to collect data from site visitors.  We respect your right to privacy and assure you no identifying information you send to us will ever be publicly used without your direct or indirect consent.


Joan Holden, DNP, APRN, ANP-BC   
Health and Safety Officer, Management, Policy, and Command   
Director, Wellness Center   


Jim Pardonek, CISSP   
Chief Information Security Officer   
Associate Director, Information Technology Services