HIPAA Forms and Resources

 Health Insurance Portability and Accountability Act
Business Associate Agreement (BAA) and BAA Summary Sheeta contract to ensure that the BAs will appropriately safeguard PHI.
Business Associate Decision Treewill help determine if an entity is a BA, as defined under HIPAA 45 CFR 160.103.
Case Report HIPAA Authorization FormYou are being asked to allow information about your hospital stay and related treatment of your illness to be used to write what is called a case report.
Data Sharing Flow Chartvisually indicates appropriate uses of PHI.
Data Sharing Info Pageexplains the differences between unidentified, LDS, and identifiable PHI.
Data Use Agreement (DUA)an agreement when a limited data set is shared, use and protection outlined.
GDPR (General Data Protection Regulation)Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information.
HIPAA 101 Tip Sheetprovides useful into to the UCD community - in a nutshell.
HIPAA Incident Notification Formform to use when communicating a HIPAA privacy incident to the Privacy Officer.
HIPAA Walkthrough Checklistfor departments to use when walking through their physical space.

Notice of Privacy Practices

Notice of Privacy Practices (Spanish)

document that explains how a Covered Entity may use and disclose health information kept in your medical record.
Student Data Privacy (K12)provides useful information regarding students Personally Identifiable Information.

HIPAA Contacts


Lori Hopper

HIPAA Privacy Official

Alison Lakin

Signatory Official, Empowered Official Research Integrity Officer

Laura Morris

Interim HIPAA Security Officer