Section 1 – Introduction
1.1 Statement of Purpose & Scope
1.2 Definitions
Section 2 – Privacy Compliance Program
2.1 Privacy Staff & Responsibilities
2.2 Privacy Policies & Documentation
Section 3 – Patient Permission
3.1 Consent for Use & Disclosure of PHI
3.2 Authorizations for Non-Research Purposes
3.3 Persons Involved in the Individual's Care
3.4 Disaster Relief
3.5 Facility Directories
Section 4 – Patient Rights
4.1 Notice of Privacy Practices
4.2 Right to Request Restrictions
4.3 Confidential Communications
4.4 Right to Access Records
4.5 Right to Request Amendment of Medical Records
4.6 Right to Receive Accountings of Disclosures
4.7 Designated Record Sets
Section 5 – De-identification, Re-identification, and Limited Data Sets
5.1 De-identification & Re-identification
5.2 Limited Data Sets
Section 6 – Uses, Disclosures and Requests of PHI
6.1 Minimum Necessary Rule
6.2 Access & Use of Protected Health Information
6.3 Disclosures of Protected Health Information
6.4 UT Southwestern Requests for PHI
6.5 Verification
Section 7 – Standard Protocols for Uses, Disclosures and Requests of PHI
7.1 Workforce and PHI Classifications
7.2 Treatment
7.3 Payment Activities
7.4 Health Care Operations
7.5 Legal Representatives of an Individual
7.6 Media Activities
7.7 Medical Examiners
7.8 Organ, Eye & Tissue Transplant Organizations
7.9 Uses & Disclosures Required by Law
7.10 Specialized Governmental Functions
7.11 Judicial and Administrative Proceedings
7.12 Legal Counseling Activities
7.13 Law Enforcement
7.14 Victims of Abuse, Neglect or Domestic Violence
7.15 Public Health Activities
7.16 Averting a Serious Threat to Health or Safety
7.17 Health Oversight
7.18 Workers' Compensation
7.19 Transcription Services
7.20 Electronic Transmissions
7.21 E-mail Communications
7.22 Mental Health Records and Psychotherapy Notes
7.23 Employers
7.24 Incidental Uses & Disclosures
7.25 Research
7.26 Research Authorizations
7.27 Waiver or Alteration of Research Authorizations
7.28 Reserved
7.29 Research on Decedents
7.30 Research Recruitment
7.31 Treatment, Payment & Operations Databases
7.32 Research Databases
7.33 Marketing & Outreach
7.34 Fundraising
Section 8 – Employee Assistance Program
Section 9 – Business Associates
Section 10 – Safeguards
10.1 Administrative
1. Off-site storage of medical records
10.2 Technical
1. Dial-in access
2. Computer or medical diagnostic equipment that is sold or discarded
3. Palm Pilots/Blackberries
10.3 Physical
1. Screen savers
2. Shutting off computer before leaving
3. Facing monitors away from the public
4. Locking room and file cabinets containing PHI
5. Shredding documents containing PHI before disposal
6. Recycling/disposal of paper records
7. Patient charts at the nursing station
8. Patient information on doors
9. Information at the patient’s bedside workstation
10. Intranet use
11. Copiers and printers
12. Fax machines
13. Outpatient surgery lockers
Section 11 – Workforce Training
Section 12 – Compliance Oversight
12.1 Privacy Compliance Monitoring
12.2 Office for Civil Rights Compliance Reviews & Investigations
12.3 Complaints & Internal Investigations
12.4 Remediation
12.5 Enforcement & Disciplinary Sanctions
Section 13 – Organizational Relationships
13.1 University of Texas System
13.2 UT Southwestern Health Systems
13.3 Affiliated Hospitals
13.4 Hybrid Entity