University Policy

HIPAA Policies

General HIPAA policy:   3364-15-01 HIPAA administrative simplification

Confidentiality of Patient Information:  3364-15-10 Confidentiality of Patient Information

UTMC Administration HIPAA Policies:

3364-100-90-01 Release of Health Information
3364-100-90-02 Minimum Necessary Guidelines for Use Disclosure of Protected Health Information
3364-100-90-03 Request for Restriction on Health Information
3364-100-90-05 De-Identifiable and Re-Identifiable Health Information, Limited Data Set and Data Use Agreements
3364-100-90-07 Medical Record Availability, Access and Amendment
3364-100-90-08 Patient Directory
3364-100-90-09 Joint Notice of Privacy Practices
3364-100-90-11 Accounting and Documentation of Disclosures of Protected Health Information other than Treatment, Payment or Healthcare Operations
3364-100-90-12 Security and Protection of Patient Information - Both Paper and Electronic
3364-100-90-13 Business Associate
3364-100-90-14 Photographing-videotaping, filming, video recording
3364-100-90-15 Reporting of Security Breach of Protected Health Information including Personal Health Information
3364-100-90-16 Medical Record Retention and Description; Disposal of Protected Health Information
3364-100-90-17 Medical Record Amendment
3364-100-90-18 Patient Request for Confidential Communications

Information Technology HIPAA policies:

3364-65-01 Electronic mail services policy
3364-65-02 Access control policy
3364-65-03 Transmission control policy
3364-65-04 Information technology disaster recovery and back-up policy
3364-65-05 Responsible use policy
3364-65-06 Disposal servicing and transfer of IT equipment
3364-65-07 Password security policy
3364-65-09 Network and telecommunications
3364-65-10 Data center data closet access
3364-65-11 Remote access security
3364-65-12 Workstation policy
3364-65-13 Information security framework
3364-65-14 Boundary security policy
3364-65-15 Malicious code security3364-65-16 Computer incident response
3364-65-17 Computer Purchases
3364-65-18 Server Policy
3364-65-19 HIPAA IT Policy

Last Updated: 3/23/15