University Policy

HIPAA Policies

General HIPAA policy:   3364-15-01 HIPAA administrative simplification

Confidentiality of Patient Information:  3364-15-10 Confidentiality of Patient Information

UTMC Administration HIPAA Policies:

3364-100-90-01 Release of Health Information
3364-100-90-02 Minimum Necessary Guidelines for Use Disclosure of Protected Health Information
3364-100-90-03 Request for Restriction on Health Information
3364-100-90-05 De-Identifiable and Re-Identifiable Health Information, Limited Data Set and Data Use Agreements
3364-100-90-07 Medical Record Availability, Access and Amendment
3364-100-90-08 Patient Directory
3364-100-90-09 Joint Notice of Privacy Practices
3364-100-90-11 Accounting and Documentation of Disclosures of Protected Health Information other than Treatment, Payment or Healthcare Operations
3364-100-90-12 Security and Protection of Patient Information - Both Paper and Electronic
3364-100-90-13 Business Associate
3364-100-90-14 Photographing-videotaping, filming, video recording
3364-100-90-15 Reporting of Security Breach of Protected Health Information including Personal Health Information
3364-100-90-16 Medical Record Retention and Description; Disposal of Protected Health Information
3364-100-90-17 Medical Record Amendment
3364-100-90-18 Patient Request for Confidential Communications

Information Technology HIPAA policies:

3364-65-01  Responsible technology use policy
3364-65-02 Access control policy
3364-65-03 Transmission control policy
3364-65-05  Technology asset management policy
3364-65-06  Device and workstation policy
3364-65-07  Electronic communication policy
3364-65-07.1 Password security policy
3364-65-08  Network and telecommunications
3364-65-09  Technology backup, disaster readiness, and recovery policy
3364-65-10  Technology incident response policy
3364-65-10.1 Data center data closet access
3364-65-11 Remote access security
3364-65-13 Information security framework
3364-65-14 Boundary security policy
3364-65-19 HIPAA IT Policy

Last Updated: 1/18/17