HIPAA Forms and Resources

Business Associate Agreement (BAA)

A contract to ensure that the BAs will appropriately safeguard PHI.

Business Associate Decision Tree

Helps determine if an entity is a BA, as defined under HIPAA 45 CFR 160.103.

Case Report HIPAA Authorization Form

You are being asked to allow information about your hospital stay and related treatment of your illness to be used to write what is called a case report.

Data Sharing Flow Chart

Visually indicates appropriate uses of PHI.

Data Sharing Info Page

Explains the differences between unidentified, LDS, and identifiable PHI.

Data Use Agreement (DUA)

An agreement when a limited data set is shared, use and protection outlined.

GDPR (General Data Protection Regulation)

Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information.

HIPAA 101 Tip Sheet

Provides useful into to the UCD community - in a nutshell.

HIPAA Authorization and Model Release Form

Obtains permission to use PHI or images of individuals who are photographed or videotaped for educational, promotional, advertising, or other purposes.

HIPAA Incident Notification Form

Form to use when communicating a HIPAA privacy incident to the Privacy Officer.

HIPAA Walkthrough Checklist

For departments to use when walking through their physical space.

Notice of Privacy Practices

Notice of Privacy Practices (Spanish)

Explains how a Covered Entity may use and disclose health information kept in your medical record.

Student Data Privacy (K12)

Provides useful information regarding students Personally Identifiable Information.