Resources & Reporting
We are committed to respecting patients’ and clinical research subjects’ rights to maintain the privacy of their health information and ensuring appropriate security of all protected health information. There are many resources to help with questions related to privacy. Contact the Privacy Office at [email protected] with any questions or concerns.
Important Forms and Resources
| Resource/Form | Purpose |
| Business Associate Decision Tree | Helps determine if an entity is a Business Associate, as defined under HIPAA 45 CFR 160.103. |
| Case Report HIPAA Authorization Form | For use when documenting patient authorization to allow PHI for purposes of a case report. |
| Classifying HIPAA Data Tip Sheet | Quick reference for determining data classification and appropriate document for data sharing. |
| Data Sharing Flow Chart | Visually indicates appropriate uses of PHI. |
| Data Sharing and Limited Data Sets | Explains the differences between deidentified, Limited Data Sets, and identifiable PHI. |
| GDPR (General Data Protection Regulation) | Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information. |
| Health Information of Decedents FAQ (form) | How to appropriately handle health information of decedents Frequently Asked Questions |
| HIPAA 101 Tip Sheet | Provides the basics of HIPAA - in a nutshell. |
| HIPAA Authorization and Model Release Form | Obtains permission to use PHI or images of individuals who are photographed or videotaped for educational, promotional, advertising, or other purposes. |
| HIPAA Training FAQ | Frequently Asked Questions for Annual HIPAA Training |
| HIPAA Incident Notification Form | For use when communicating a HIPAA privacy concern to the Privacy team. |
| HIPAA Walkthrough Checklist | For use when evaluating physical space for HIPAA privacy and security compliance. |
| Notice of Privacy Practices Notice of Privacy Practices (Spanish) | Explains how a Covered Entity may use and disclose health information kept in your medical record. |
| PHI Sharing Decision Tree | Helps determine when it is appropriate to share PHI with family/friends of patient. |
| Privacy Team Introduction: How We Support You | A brief page introducing the Privacy Team and how we can support you. |
| Protecting Patient Privacy and Consequences of Unauthorized Record Access | A tip sheet on what unauthorized record access is ("snooping"), what the consequences are, and how to avoid them. |
| Student Data Privacy (K12) | Provides useful information regarding students' Personally Identifiable Information. |