2003-09: Breaches of Privacy and Security of Protected Health Information (PHI) and Confidential Data

2003-04: Business Associate Agreements

2018-01: Compliance with eHealth Exchange Requirements

• Guidelines/Procedures for Compliance with eHealth Exchange Requirements

2011-01: Data Encryption, Authentication and Physical Safeguards

2008-01: Disposal of Documents/Materials Containing PHI and Receipt, Tracking and Disposal of Equipment and Electronic Media Containing Electronic Protected Health Information (Privacy & Security of Protected Health Information (PHI))

2003-02:  Documentation and Retention of HIPAA Compliance Records

2011-04: Electronic Communication of Confidential Data

• Guidelines for Outlook Email Encryption

2012-01: Email Communication with Patients/Research Participants – Policy deleted and replaced by 2011-04 Electronic Communication of Confidential Data

2003-07: HIPAA Privacy and Security Training of Workforce, UConn Health Policy on – Deleted and replaced by University Wide Compliance Training Policy

2005-04: HIPAA Security Facility Access Control, UConn Health Policy on – Deleted 3/1/21 and replaced by IT Physical Security

2005-03: Information Security Administration

• Information Security Administration Procedures

2005-10: Information Security Endpoint Protection and Software Update

2005-08: Information Security Risk Assessment

2014-08: Information Security – Wireless Network

2005-07: Information System Activity Review

2005-06: Information Systems Business Continuity and Disaster Recovery

2021-01: Information Technology Physical Security

2003-30: Limited Data-Set Creation, Use and Disclosure (Privacy and Security of (PHI))

• Certification of Limited Data Set for Research

2008-03: Mobile Computing Device (MCD) Security

2014-04: Sanctions for Privacy and Security Violations 

2011-03: Systems Access Control