2003-04: Business Associate Agreements

2003-13: Consent to Treatment

• HCH901: Consent for Treatment, Use and Disclosure of PHI, Acknowledgments and Financial Agreement Form

2012-06: Designated Record Set

2008-01: Disposal of Protected Health Information (PHI) and Disposal and Re-use of Hardware and Electronic Media Containing Electronic Protected Health Information (ePHI)

• Procedure for Disposal of Documents/Materials Containing Protected Health Information (PHI) and Receipt, Tracking, Re-use, and Disposal of Hardware and Electronic Media Containing Electronic Protected Health Information (ePHI)

2003-02: Documentation and Retention of HIPAA Compliance Records

2012-01: Email Communication with Patients/Research Participants – Policy deleted and replaced by 2011-04 Electronic Communication of Confidential Data

2003-23: Faxing Protected Health Information (PHI) – 6/19/23 Retired and Replaced by 2023-03: Identification and Protection of Protected Health Information (PHI)

2023-09: Healthcare Compliance & Privacy Program – Corrective Actions and Sanctions

2023-11: Healthcare Compliance & Privacy Program – Communication and Reporting Mechanisms

2023-10: Healthcare Compliance & Privacy Program – Oversight and Enforcement

2023-06: HIPAA Patient Rights

Replaces the following policies retired on 6/19/23

• 2003-14: Patient Right to Request Restrictions on Uses and Disclosures of PHI
• 2003-15: Patient Right to Request Alternative Methods of Communication
• 2003-18: Accounting of Disclosures of PHI
• 2020-11: Patients’ Right to Access Their PHI in a Designated Record Set
• 2020-12: Patients’ Right to Request Amendment to Health Information

2023-03: Identification and Protection of Protected Health Information (PHI)

• UConn Health Procedures for Verifying the Identity and Authority of Individuals Requesting PHI

2023-04: Information Blocking

2016-01: Medical/Dental Patient Records: Transportation of Paper and Other Media Records

2003-21: Minimum Necessary Protected Health Information

2008-03: Mobile Computing Device (MCD) Security

2003-12 Notice of Privacy Practices

• HCH901: Consent for Treatment, Use and Disclosure of PHI, Acknowledgments and Financial Agreement Form

2003-19: Patient Privacy Complaints

2003-17A: Patient Right to View His/Her Medical/Dental/Research and/or Billing Record – 11/2/20 deleted and combined with Patients’ Right to Access Their PHI in a Designated Record Set policy

2018-02: Prevention and Detection of Fraud, Waste, and Abuse

Privacy Definitions

2003-09: Responding to Breaches of Privacy or Security of Protected Health Information (PHI) and/or Personal Information

• Procedures for Responding to Breaches of Privacy or Security of Protected Health Information (PHI) and/or Personal Information

2014-04: Sanctions for Privacy and Security Violations

2016-02: Stark and Anti-Kickback Compliance

2023-05: Use and Disclosure of Protected Health Information

Replaces the following policies retired on 6/19/23

• 2003-05: HIPAA Marketing Compliance
• 2003-06: HIPAA Fundraising Compliance
• 2003-08: Use and Disclosure of PHI by Whistleblowers and Workforce Member Crime Victims
• 2003-25: Use and Disclosure of PHI Involving Family, Friends and Others
• 2003-29: Creation, Use and Disclosure of De-Identified PHI
• 2003-30: Limited Data-Set Creation, Use and Disclosure
• 2021-04: Disclosures of PHI to the Media
• 2021-05: Uses and Disclosures of Directory Information under HIPAA

2003-28: Use and Disclosure of PHI for Research Purposes (Privacy and Security of PHI) – DELETED

2014-07: Use of Protected Health Information (PHI) in Education

• HCH551: Authorization to Obtain and/or Disclose Health Information
• HCH375: Consent for Photographing and/or Recording of Patients (Non-Clinical Care Purposes)

2014-03: Visual, Audio or Recording of Patient Data Obtained Through Any Medium

• HCH375: Consent for Photographing and/or Recording of Patients (Non-Clinical Care Purposes)