HIPAA Forms and Resources
Helps determine if an entity is a Business Associate, as defined under HIPAA 45 CFR 160.103. | |
For use when documenting patient authorization to allow PHI for purposes of a case report. | |
| Classifying HIPAA Data Tip Sheet | Quick reference for determining data classification and appropriate document for data sharing. |
Visually indicates appropriate uses of PHI. | |
Explains the differences between deidentified, LDS, and identifiable PHI. | |
Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information. | |
Provides the basics of HIPAA - in a nutshell. | |
Obtains permission to use PHI or images of individuals who are photographed or videotaped for educational, promotional, advertising, or other purposes. | |
| HIPAA Training Compliance FAQ | CU HIPAA Regulations’ Skillsoft Course Frequently Asked Questions |
For use when communicating a HIPAA privacy concern to the Privacy team. | |
For use when evaluating physical space for HIPAA privacy and security compliance. | |
Explains how a Covered Entity may use and disclose health information kept in your medical record. | |
| PHI Sharing Decision Tree | Helps determine when it is appropriate to share PHI with family/friends of patient. |
Provides useful information regarding students' Personally Identifiable Information. |
HIPAA Contacts
Lori Hopper
HIPAA Privacy Official
- Regulatory Compliance