University HIPAA Policy

1.1 General Rule: Uses and Disclosures of Information

1.2 De-identification of Information

1.3 Minimum Necessary

1.4 Data Gathered Prior to April 14, 2003

1.5 Sanctions Applicable to Workforce for Violation of Policies

1.6 Verification of Individuals

1.7 Retention of Records

2.1 Notice of Privacy Practices Policy

2.2 Notice of Privacy Practices Document (English)

2.2 Notice of Privacy Practices Document (Spanish)

2.3 Notice of Privacy Practices Acknowledgment Form

3.1 Valid Authorization

3.2 When No Authorization is Required to Use or Disclose PHI

3.3 Authorization Required to Use or Disclose PHI contained in Psychotherapy Notes

3.4 Conditioning Receipt of Services on Providing Authorization

3.5 Revoking Authorization

3.6 Authorization Forms provided by Colorado Multiple Institutional Review Board

3.7 Authorization for Public Relations Purposes

4.1 Research Purposes (under construction)

4.2 Required by Law (under construction)

4.3 Permitted Disclosures: Opportunity to Agree or Object

4.4 Deceased Research Certification Form

4.5 Limited Data Sets

4.6 Pre-Research Certification Form

5.1 Marketing

5.2 Fundraising

6.1 Right to Request Restrictions

6.2 Right to Request Confidential Communications

6.3 [DELETED]

6.4 Right to Access and Copy

6.5 [DELETED]

6.6 No Waiver of Rights

6.7 Process for Complaints

7.1 Safeguards

7.2 Training

8.1 Business Associates Privacy Practices

8.2 [DELETED]

8.3 Business Associates Contract Templates

8.4 Data Use Agreement Summary Sheet Template

8.5 Data Use Agreement Template - Switched Role of University

9.1 Security management (Policy)

9.1 Security Management (Procedure)

9.2 Security Incidents and Breach Notification

9.3 Auditing

9.4 Workforce Security

9.5 Facility and Device Security

9.6 Transmission Security

9.7 Contingency Planning

9.8 Data Integrity

9.9 Person or Entity Authentication

9.10 Device and Media Controls

9.11 Portable Media Security

9.12 Secure E-Mail Transmission

9.13 Security of E-PHI on Home computers

10.1 HIPAA Privacy Incident Notice