HIPAA Forms and Resources


Business Associate Decision Tree

Helps determine if an entity is a Business Associate, as defined under HIPAA 45 CFR 160.103.

Case Report HIPAA Authorization Form

For use when documenting patient authorization to allow PHI for purposes of a case report.

Classifying HIPAA Data Tip SheetQuick reference for determining data classification and appropriate document for data sharing.

Data Sharing Flow Chart

Visually indicates appropriate uses of PHI.

Data Sharing Info Page

Explains the differences between deidentified, LDS, and identifiable PHI.

GDPR (General Data Protection Regulation)

Link to the Office of Information Security's GDPR webpage. The EU GDPR (effective May 25, 2018) sets a broad definition for personal information and establishes a variety of requirements regarding privacy and the handling of EU residents' personal information.

HIPAA 101 Tip Sheet

Provides the basics of HIPAA - in a nutshell.

HIPAA Authorization and Model Release Form 

Obtains permission to use PHI or images of individuals who are photographed or videotaped for educational, promotional, advertising, or other purposes.

HIPAA Training Compliance FAQ CU HIPAA Regulations’ Skillsoft Course Frequently Asked Questions

HIPAA Incident Notification Form

For use when communicating a HIPAA privacy concern to the Privacy team.

HIPAA Walkthrough Checklist

For use when evaluating physical space for HIPAA privacy and security compliance.

Notice of Privacy Practices

Notice of Privacy Practices (Spanish)

Explains how a Covered Entity may use and disclose health information kept in your medical record.

PHI Sharing Decision TreeHelps determine when it is appropriate to share PHI with family/friends of patient.

Student Data Privacy (K12)

Provides useful information regarding students' Personally Identifiable Information.

HIPAA Contacts

Charlotte Russell

HIPAA Security Officer
  • Office of Information Technology

Email Address:charlotte.russell@cuanschutz.edu

Primary Phone:303-724-3056

CMS Login