HIPAA Privacy

2003-04: Business Associate Agreements

2003-13: Consent to Treatment

2012-06: Designated Record Set

2008-01: Disposal of Protected Health Information (PHI) and Disposal and Re-use of Hardware and Electronic Media Containing Electronic Protected Health Information (ePHI)

2003-02: Documentation and Retention of HIPAA Compliance Records

2012-01: Email Communication with Patients/Research Participants – Policy deleted and replaced by 2011-04 Electronic Communication of Confidential Data

2003-23: Faxing Protected Health Information (PHI) – 6/19/23 Retired and Replaced by 2023-03: Identification and Protection of Protected Health Information (PHI)

2023-09: Healthcare Compliance & Privacy Program – Corrective Actions and Sanctions

2023-11: Healthcare Compliance & Privacy Program – Communication and Reporting Mechanisms

2023-10: Healthcare Compliance & Privacy Program – Oversight and Enforcement

2023-06: HIPAA Patient Rights

Replaces the following policies retired on 6/19/23

  • 2003-14: Patient Right to Request Restrictions on Uses and Disclosures of PHI
  • 2003-15: Patient Right to Request Alternative Methods of Communication
  • 2003-18: Accounting of Disclosures of PHI
  • 2020-11: Patients’ Right to Access Their PHI in a Designated Record Set
  • 2020-12: Patients’ Right to Request Amendment to Health Information

2023-03: Identification and Protection of Protected Health Information (PHI)

2023-04: Information Blocking

2016-01: Medical/Dental Patient Records: Transportation of Paper and Other Media Records

    2003-21: Minimum Necessary Protected Health Information

    2008-03: Mobile Computing Device (MCD) Security

    2003-12 Notice of Privacy Practices

    2003-19: Patient Privacy Complaints

    2003-17A: Patient Right to View His/Her Medical/Dental/Research and/or Billing Record – 11/2/20 deleted and combined with Patients’ Right to Access Their PHI in a Designated Record Set policy

    2018-02: Prevention and Detection of Fraud, Waste, and Abuse

    Privacy Definitions

    2003-09: Responding to Breaches of Privacy or Security of Protected Health Information (PHI) and/or Personal Information

    2014-04: Sanctions for Privacy and Security Violations

    2016-02: Stark and Anti-Kickback Compliance

    2023-05: Use and Disclosure of Protected Health Information

    Replaces the following policies retired on 6/19/23

    • 2003-05: HIPAA Marketing Compliance
    • 2003-06: HIPAA Fundraising Compliance
    • 2003-08: Use and Disclosure of PHI by Whistleblowers and Workforce Member Crime Victims
    • 2003-25: Use and Disclosure of PHI Involving Family, Friends and Others
    • 2003-29: Creation, Use and Disclosure of De-Identified PHI
    • 2003-30: Limited Data-Set Creation, Use and Disclosure
    • 2021-04: Disclosures of PHI to the Media
    • 2021-05: Uses and Disclosures of Directory Information under HIPAA

    2003-28: Use and Disclosure of PHI for Research Purposes (Privacy and Security of PHI) – DELETED

    2014-07: Use of Protected Health Information (PHI) in Education

    2014-03: Visual, Audio or Recording of Patient Data Obtained Through Any Medium