2003-04: Business Associate Agreements
2012-06: Designated Record Set
2003-02: Documentation and Retention of HIPAA Compliance Records
2012-01: Email Communication with Patients/Research Participants – Policy deleted and replaced by 2011-04 Electronic Communication of Confidential Data
2003-23: Faxing Protected Health Information (PHI) – 6/19/23 Retired and Replaced by 2023-03: Identification and Protection of Protected Health Information (PHI)
2023-09: Healthcare Compliance & Privacy Program – Corrective Actions and Sanctions
2023-11: Healthcare Compliance & Privacy Program – Communication and Reporting Mechanisms
2023-10: Healthcare Compliance & Privacy Program – Oversight and Enforcement
Replaces the following policies retired on 6/19/23
- 2003-14: Patient Right to Request Restrictions on Uses and Disclosures of PHI
- 2003-15: Patient Right to Request Alternative Methods of Communication
- 2003-18: Accounting of Disclosures of PHI
- 2020-11: Patients’ Right to Access Their PHI in a Designated Record Set
- 2020-12: Patients’ Right to Request Amendment to Health Information
2023-03: Identification and Protection of Protected Health Information (PHI)
2023-04: Information Blocking
2016-01: Medical/Dental Patient Records: Transportation of Paper and Other Media Records
2003-21: Minimum Necessary Protected Health Information
2008-03: Mobile Computing Device (MCD) Security
2003-12 Notice of Privacy Practices
2003-19: Patient Privacy Complaints
2003-17A: Patient Right to View His/Her Medical/Dental/Research and/or Billing Record – 11/2/20 deleted and combined with Patients’ Right to Access Their PHI in a Designated Record Set policy
2018-02: Prevention and Detection of Fraud, Waste, and Abuse
2014-04: Sanctions for Privacy and Security Violations
2016-02: Stark and Anti-Kickback Compliance
2023-05: Use and Disclosure of Protected Health Information
Replaces the following policies retired on 6/19/23
- 2003-05: HIPAA Marketing Compliance
- 2003-06: HIPAA Fundraising Compliance
- 2003-08: Use and Disclosure of PHI by Whistleblowers and Workforce Member Crime Victims
- 2003-25: Use and Disclosure of PHI Involving Family, Friends and Others
- 2003-29: Creation, Use and Disclosure of De-Identified PHI
- 2003-30: Limited Data-Set Creation, Use and Disclosure
- 2021-04: Disclosures of PHI to the Media
- 2021-05: Uses and Disclosures of Directory Information under HIPAA
2003-28: Use and Disclosure of PHI for Research Purposes (Privacy and Security of PHI) – DELETED
2014-07: Use of Protected Health Information (PHI) in Education
- HCH551: Authorization to Obtain and/or Disclose Health Information
- HCH375: Consent for Photographing and/or Recording of Patients (Non-Clinical Care Purposes)
2014-03: Visual, Audio or Recording of Patient Data Obtained Through Any Medium