HIPAA Guidelines Policy and Procedure Manual
- Changes
- Table of Contents
- Copyright
- Disclaimer
- SECTION 01 - PRIVACY
- 1001 - Uses and Disclosures of Protected Health Information - General Rules
- 1002 - Sale of Protected Health Information
- 1003 - Uses and Disclosures of Protected Health Information - Minimum Necessary and Incidental Disclosures
- 1004 - Uses and Disclosures of Protected Health Information Subject to an Agreed-Upon Restriction
- 1005 - Restriction Agreement - Release of Patient Protected Health Information Consent Form
- 1006 - Disclosures to Business Associates and Subcontractors
- 1007 - Sample Business Associate Agreement Provisions
- 1008 - Considerations for Business Associate Agreements with Cloud Services Providers
- 1009 - Deceased Individuals
- 1010 - Personal Representatives
- 1011 - Confidential Communications
- 1012 - Uses and Disclosures Consistent with Notice
- 1013 - Disclosures by Whistleblowers and Workforce Member Crime Victims
- 1014 - Uses and Disclosures - Organizational Requirements
- 1015 - Consent for Uses or Disclosures to Carry Out Treatment, Payment or Healthcare Operations
- 1016 - Uses and Disclosures of Protected Health Information - Communication with Family Members
- 1017 - Patient Consent for the Release of Protected Health Information Form
- 1018 - Disclosure of Protected Health Information During Disaster Relief Efforts
- 1019 - Uses and Disclosures of Protected Health Information for Marketing
- 1020 - Uses and Disclosures for Which an Authorization is Required
- 1021 - Patient Authorization Form - Use and Disclosure of Protected Health Information
- 1022 - Uses and Disclosures for Which an Authorization is Required - Defective Authorization
- 1023 - Waiver of Authorization Form - Example
- 1024 - Uses and Disclosures for Which an Authorization is Required - Compound Authorization
- 1025 - Uses and Disclosures Requiring an Opportunity for the Individual to Agree or to Object
- 1026 - Uses and Disclosures for Which an Authorization or Opportunity to Agree or Object is Not Required
- 1027 - Interpreter Services and Protected Health Information
- 1028 - Authorization for the Use and Disclosure of PHI for Research Purposes
- 1029 - Waiver of Authorization Form - Research Project
- 1030 - Uses and Disclosures of Protected Health Information - De-Identifying and Re-Identifying Protected Health Information
- 1031 - De-Identification of PHI with the Safe Harbor Method
- 1032 - De-Identification of PHI with the Expert Determination Method
- 1033 - Uses and Disclosures of Protected Health Information - Minimum Necessary Requirements
- 1034 - Limited Data Set
- 1035 - Data Use Agreement Form
- 1036 - Use and Disclosure of Protected Health Information for Fundraising
- 1037 - Verification of Identity and Authority of Persons Requesting Protected Health Information
- 1038 - Disclosure of Protected Health Information to Law Enforcement Without Individual Authorization
- 1039 - Notice of Privacy Practices for Protected Health Information
- 1040 - Patient Privacy Notice - Sample Handout
- 1041 - Individual's Right to Request Privacy Protection for Protected Health Information
- 1042 - Right to Request Privacy Protection for Protected Health Information - Confidential Communications Requirements
- 1043 - Individuals' Right to Access Their Protected Health Information
- 1044 - Employee Access to His/Her Own Protected Health Information
- 1045 - Fees Charged for Copies of Protected Health Information Fact Sheet
- 1046 - Amendment of Protected Health Information
- 1047 - Accounting of Disclosures of Protected Health Information
- 1048 - Administrative Requirements
- 1049 - Position Description/Performance Evaluation - (Chief) Privacy/Security Officer
- 1050 - Annual Competency Skills Assessment - (Chief) Privacy/Security Officer
- 1051 - Staff Training
- 1052 - Safeguards
- 1053 - Complaints
- 1054 - Sanctions
- 1055 - Mitigation
- 1056 - Refraining from Intimidating or Retaliatory Acts (HIPAA 164.530(g))
- 1057 - Development and Implementation of Protected Health Information Policies and Procedures
- 1058 - HIPAA Considerations and Disclosures to the National Instant Criminal Background Check System
- SECTION 02 - SECURITY
- 2001 - Definitions
- 2002 - Implementation Specifications
- Administrative Safeguards
- 2101 - General Security
- 2102 - Employee Training Log for Computer/Fax Stations
- 2103 - List of Computer Stations That Can Create/Transmit Protected Health Information (PHI and ePHI)
- 2104 - List of Fax Machines That Can Create/Transmit Protected Health Information
- 2105 - Maintenance of Computer Software Programs
- 2106 - Text Messaging
- 2107 - Administrative Safeguards - Risk Analysis
- 2108 - Inventory of Electronic Protected Health Information and Information Systems List
- 2109 - Administrative Safeguards - Risk Management
- 2110 - Administrative Safeguards - Sanctions
- 2111 - Statement of Adherence - Security Policies and Procedures Signature Sheet
- 2112 - Administrative Safeguards - Information System Activity Review
- 2113 - Administrative Safeguards - Privacy/Security Officer
- 2114 - Administrative Safeguards - Workforce Authorization/Supervision
- 2115 - Administrative Safeguards - Workforce Clearance and Access Authorization
- 2116 - Administrative Safeguards - Workforce Termination
- 2117 - Administrative Safeguards - Isolating Healthcare Clearinghouse Functions
- 2118 - Confidentiality Statement Form
- 2119 - Receipt of Access Code Form
- 2120 - Security Code for Computer Access List
- 2121 - Administrative Safeguards - Security Awareness and Training
- 2122 - Administrative Safeguards - Access Establishment and Modification
- 2123 - Administrative Safeguards - Security Reminders
- 2124 - Administrative Safeguards - Protection from Malicious Software
- 2125 - Administrative Safeguards - Log-in Monitoring
- 2126 - Administrative Safeguards - Password Management
- 2127 - Administrative Safeguards - Security Incident Procedure - Response and Reporting
- 2128 - Security Incident: Confidential Information Form
- 2129 - Security Incident Log
- 2130 - Administrative Safeguards - Contingency Plan
- 2131 - Administrative Safeguards - Data Backup Plan
- 2132 - Administrative Safeguards - Disaster Recovery Plan
- 2133 - Administrative Safeguards - Emergency Operations Plan
- 2134 - Administrative Safeguards - Testing and Revision Procedures
- 2135 - Administrative Safeguards - Applications and Data Criticality Analysis
- 2136 - Administrative Safeguards - Evaluation
- 2137 - Administrative Safeguards - Business Associate/Written Contract or Other Arrangement
- Physical Safeguards
- 2201 - Physical Safeguards - Facility Access Controls
- 2202 - Physical Safeguards - Contingency Operations
- 2203 - Physical Safeguards - Facility Security Plan
- 2204 - Physical Safeguards - Access Control and Validation Procedure
- 2205 - Physical Safeguards - Maintenance Records
- 2206 - Physical Safeguards - Workstation Use
- 2207 - Physical Safeguards - Workstation Security
- 2208 - Physical Safeguards - Device and Media Controls
- 2209 - Physical Safeguards - Device and Media Controls - Disposal
- 2210 - Disposal/Destruction of Protected Health Information
- 2211 - Physical Safeguards - Device and Media Controls - Media Re-use
- 2212 - Physical Safeguards - Device and Media Controls - Accountability
- 2213 - Physical Safeguards - Device and Media Controls - Data Backup and Storage
- Technical Safeguards
- 2301 - Technical Safeguards - Unique User Identification
- 2302 - Technical Safeguards - Emergency Access
- 2303 - Technical Safeguards - Automatic Log-Off
- 2304 - Technical Safeguards - Encryption and Decryption
- 2305 - Technical Safeguards - Audit Controls
- 2306 - Technical Safeguards - Method to Authenticate Electronic Protected Health Information
- 2307 - Technical Safeguards - Authenticate Person/Entity
- 2308 - Technical Safeguards - Transmission Security
- 2309 - Technical Safeguards - Integrity Controls
- Organizational Requirements
- SECTION 03 - BREACH OF PROTECTED HEALTH INFORMATION
- SECTION 04 - TRANSACTIONS AND CODE SETS
- 4001 - Transactions - Introduction
- 4002 - Healthcare Claims Control
- 4003 - Healthcare Payment and Remittance Advice
- 4004 - Coordination of Benefits
- 4005 - Healthcare Claim Status Request Response
- 4006 - Benefit Enrollment and Maintenance
- 4007 - Healthcare Eligibility/Benefit Inquiry Controls
- 4008 - Health Plan Premium Payments
- 4009 - Healthcare Services Review - Request for Review and Response
- SECTION 05 - IDENTIFIER STANDARDS
- SECTION 06 - REFERENCES