HIPAA Forms and Resources
| Health Insurance Portability and Accountability Act | |
| Business Associate Agreement (BAA) | a contract to ensure that the BAs will appropriately safeguard PHI. |
| Business Associate Decision Tree | will help determine if an entity is a BA, as defined under HIPAA 45 CFR 160.103. |
| Case Report HIPAA Authorization Form | You are being asked to allow information about your hospital stay and related treatment of your illness to be used to write what is called a case report. |
| Data Sharing Flow Chart | visually indicates appropriate uses of PHI. |
| Data Sharing Info Page | explains the differences between unidentified, LDS, and identifiable PHI. |
| Data Use Agreement (DUA) | an agreement when a limited data set is shared, use and protection outlined. |
| GDPR (General Data Protection Regulation) | Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information. |
| HIPAA 101 Tip Sheet | provides useful into to the UCD community - in a nutshell. |
| HIPAA Incident Notification Form | form to use when communicating a HIPAA privacy incident to the Privacy Officer. |
| HIPAA Walkthrough Checklist | for departments to use when walking through their physical space. |
| document that explains how a Covered Entity may use and disclose health information kept in your medical record. | |
| Student Data Privacy (K12) | provides useful information regarding students Personally Identifiable Information. |
