HIPAA Security

2003-04: Business Associate Agreements

2018-01: Compliance with eHealth Exchange Requirements

2011-01: Data Encryption, Authentication and Physical Safeguards

2008-01: Disposal of Documents/Materials Containing PHI and Receipt, Tracking and Disposal of Equipment and Electronic Media Containing Electronic Protected Health Information (Privacy & Security of Protected Health Information (PHI))

2003-02: Documentation and Retention of HIPAA Compliance Records

2011-04: Electronic Communication of Confidential Data

2012-01: Email Communication with Patients/Research Participants – Policy deleted and replaced by 2011-04 Electronic Communication of Confidential Data

2003-07: HIPAA Privacy and Security Training of Workforce, UConn Health Policy on – Deleted and replaced by University-wide Compliance Training Policy

2005-04: HIPAA Security Facility Access Control, UConn Health Policy on – Deleted 3/1/21 and replaced by IT Physical Security

2005-03: Information Security Administration

2005-10: Information Security Endpoint Protection and Software Update

2005-08: Information Security Risk Assessment

2014-08: Information Security – Wireless Network

2005-07: Information System Activity Review

2005-06: Information Systems Business Continuity and Disaster Recovery

2021-01: Information Technology Physical Security

2008-03: Mobile Computing Device (MCD) Security

2018-02: Prevention and Detection of Fraud, Waste

2003-09: Responding to Breaches of Privacy or Security of Protected Health Information (PHI) and/or Personal Information

2014-04: Sanctions for Privacy and Security Violations

2011-03: Systems Access Control

2023-05: Use and Disclosure of Protected Health Information

Replaces the following policies retired on 6/19/23

  • 2003-30: Limited Data-Set Creation, Use and Disclosure
  • 2021-04: Disclosures of PHI to the Media