Skip to Main Content


Compliance & Safety Training

Yale has a number of training programs to ensure dissemination of needed information and related compliance. Educational material about safety, health, environmental protection, and compliance is based on current government regulations, guidelines, and best practices. Please note that information about the Yale Institutional Review Board (IRB) and Instuitional Animal Care and Use Committee (IACUC) are separately listed under the OAPD Research Resource Section.

Training and Certification System

Yale Training and Certification System (TMS) has a variety of learning and training courses and workshops, including registration for classes at the Learning Center and other offerings. Additionally, all faculty and staff members can take their annual Compliance Assessment to learn about what's currently required of them in their role at the University.

Please note that State of Connecticut requires state-mandated Sexual Harassment Prevention Training. The Harassment-Free Workplace web training is mandatory for all faculty and staff members within their first six months of hire and required no less than every ten years. This training is currently offered by the Office of Institutional Equity and Accessibility online, and can be accessed by visiting the TMS website, responses to frequently asked questions are posted. This requirement is in addition to the Preventing and Responding to Sexual Misconduct course, which is a 20-minute online course that all employees, trainees and students must complete as a requirement related to Title IX once per year.

HIPAA Considerations

Yale Health Insurance Portability and Accountability Act (HIPAA) website defines the rules and considerations of how to deal with Protected Health Information (PHI).

Several topics that often lead to questions include:

Email guidelines

Guidance for the use of email containing protected health information (PHI) has been found to be a particularly useful link.

The following statement should be added to all emails:

Please be aware that e-mail communication can be intercepted in transmission or misdirected. Please consider communicating any sensitive information by telephone, fax, or mail. The information contained in this message may be privileged and confidential. If you are NOT the intended recipient, please notify the sender immediately with a copy to and destroy this message.

PHI can be shared in a compliant manner between platforms without the need to encrypt. Do not put patient identifiers in the subject line.

It is allowable to email with a patient. However, we have a responsibility to notify the patient ahead of time that their email platform carries a risk during transmission (it will not be encrypted and therefore could be intercepted). Once the patient agrees to the communication by email, it is fine to proceed. We should not tell a patient that we cannot communicate with them via email.

When sending PHI in an email outside of the covered entity and other than to the patient, we should encrypt the email by typing [encrypt] as the first word on the subject line. Please be careful not to use () but rather [].

Texting of HIPAA related information

This must only be through Mobile Heartbeat (MHB). Note that texting from a MHB phone to a non-MHB phone is not compliant.

EPIC record access

Access to EPIC records of family or friends by faculty may be requested, as Yale clinicians have a unique clinical expertise that on occasion leads to requests for guidance from individuals who do not have a clinical relationship with the Yale clinician. Yale clinicians who are licensed to practice in Connecticut (MD, DO, PA, APRN) may access PHI upon request to conduct an informal review when the following conditions are met:

  • The requesting individual provides a signed authorization documenting the request. A copy of the signed authorization must be entered into the patient’s chart within 24 hours of the initial access to the chart.
  • The authorization is time limited to less than 6 months from the date of signature. The authorization may be renewed or revoked by the patient.
  • The patient is not the minor child of the clinician.

Note that information may not be altered as the clinician is not acting in the capacity of a treating provider.

Access to EPIC records of a faculty’s minor child is not permitted unless they are a treating provider to that child. MyChart Proxy access, which constrains access to sensitive treatment records while allowing access to other visit information, is strongly recommended if there is to be ongoing involvement.

PHI discussions with a patient’s spokesperson or other personal representatives

This can be done if permission is granted. It is advised that a Spokesperson Form or Personal Representative Form be completed and signed by the patient in these instances, and the document uploaded to EPIC media.

De-identification guidance related to presentations and publications

Deidentification of information in presentations and publications needs to follow this guidance for documents/presentations and case reports/publications.

Medical Billing Compliance

Medical billing compliance is important for all YM faculty who provide clinical care. The Medical Billing Compliance Office is responsible for the oversight, development, implementation, and ongoing maintenance of medical billing compliance education & training, tools & policies, questions & responses, and much more.

Conflict of Interest Office

Yale Conflict of Interest (COI) Office is committed to ensuring that the research, consultation, and other activities of faculty and non–faculty employees are conducted in accordance with the principles of openness, trust, and free inquiry that are fundamental to the autonomy and well–being of a university and with the responsible management of the University’s business. In pursuit of this important goal, the University requires annual disclosure of external interests related to University responsibilities in order to assist members of the Yale community to avoid the potential for these related interests to bias research, teaching, clinical care, or other University activities.

Environmental Health & Safety (EHS)

Environmental Health & Safety (EHS) works to ensure that the campus and your work environment are as safe as possible, protect the Yale community from harm, and prevent accidents and injuries. The Yale EHS Integrator is a web portal designed for use by EHS's partners to promote safety across the institution. Most recently, this platform has been used for delineating campus access during the COVID-19 pandemic to facilitate safe practices.