UDOH HIPAA and HITECH Policies


General Policy

11.01 HIPAA Privacy and Security Governing Policy   
 
Privacy Policies  (Combined Policies)

12.01 HIPAA Privacy and Security Implementation & Oversight  
12.02 HIPAA Privacy Definitions 
12.03 Identifying PHI 
12.04 Safeguarding PHI 
12.05 Confidentiality Agreement for Workforce Member 
12.06 Use and Disclosure of PHI Requiring Individual Authorization 
12.07 Verification of the Identity and Authority of Member Requesting Disclosure of PHI 
12.08 Confidentiality of Health Information Related to Minors 
12.09 Communication of PHI 
12.10 Safeguarding Transmission of PHI to External Vendor or Entities 
12.11 Intranet 
12.12 Facsimile Transmission of PHI
12.13 Designation of Record Sets  
12.14 Reporting PHI Privacy Breach 
12.16 Management of Individual Privacy Complaints 
12.17 Mitigation of Harm Resulting from Unauthorized Use or Disclosure 
12.18 Notice of Privacy Practices 
12.19 Notice of Privacy Practices Document 
12.20 Patient-Recipient Privacy Rights 
12.21 Personal Representative 
12.22 Patient-Recipient Rights to Access Inspect and Copy PHI 
12.23 Individuals' Access to PHI 
12.24 Individual Requests for Restriction of Uses and Disclosures for TPO 
12.25 Accounting of Disclosures 
12.26 Individual Requests for Confidential Communications 
12.27 Requests to Amend Records 
12.28 Revocation of an Authorization 
12.29 Prohibition of Intimidating or Retaliatory Act 
12.30 Patient-Recipient Privacy-Related Complaints 
12.31 Minimum Necessary 
12.32 Routine and Recurring Disclosures
12.33 Use and Disclosure of PHI for TPO
12.34 Use and Disclosure of Mental Health Information
12.35 Disclosures of PHI Relating to Communicable Diseases
12.36 Uses and Disclosures of PHI for Health Oversight
12.37 Disclosures of PHI to Officials
12.38 Disclosures of PHI Relating to Judicial and Admin Proceedings
12.39 Use or Disclosure of PHI for Marketing Purposes
12.41 Access Use Disclosure and Safeguarding PHI for Research

Security Policies (Combined Policies)

13.01 Information Security Strategy
13.02 Security Management Process
13.03 Risk Analysis and Risk Management
13.04 HIPAA Security Oversight
13.05 Information System Activity Review
13.06 Workforce Security
13.07 System Access
13.08 Information Access Management
13.09 Security Reminders
13.10 Protection from Malicious Software
13.11 Login Monitoring
13.12 Security Incident Procedures
13.13 Response and Reporting
13.14 Contingency Plan
13.15 Data Backup Plan
13.16 Disaster Recovery Plan
13.17 Emergency Mode Operation Plan
13.18 Testing and Revision Procedures
13.19 Applications and Data Criticality Analysis
13.20 Evaluation
13.21 Business Associate Agreements
13.22 Facility Access
13.23 Contingency Operations       
13.24 Facility Security Plan
13.25 Access Control and Validation Procedures
13.26 Maintenance Records
13.27 Device and Media Controls
13.28 Destruction, Disposal, and Reuse of PHI Media
13.29 Accountability
13.30 Data Backup and Storage  
13.31 Access Control
13.32 Emergency Access Procedure
13.33 Encryption and Decryption
13.34 Audit Controls
13.35 Integrity
13.36 Mechanism to Authenticate Sensitive Information
13.37 Transmission Security
13.38 Integrity Controls
13.39 Encryption
13.40 Policies and Procedures Standard
13.41 Documentation Standard
13.42 Information Classification
13.43 Network Security
13.44 Email Security
13.45 Remote Access
13.46 Portable Devices
13.47 VPN
13.48 Wireless Security
13.49 Wireless IP Phones
13.50 Social Media
13.51 Cell Phone and Smart Phone

Data Breach Policies (Combined Policies)  

14.00 Data Breach - Protected Health Information
14.01 Data Breach Discovery
14.02 Data Breach Management  
14.03 Data Breach Notification
14.04 Data Breach Notification to HHS
14.05 Data Breach Notification to Individual
14.06 Data Breach Notification to Media    