UDOH HIPAA and HITECH Policies


General Policy

11.01 HIPAA Privacy and Security Governing Policy

Privacy Policies (Combined Policies)

12.01 HIPAA Privacy and Security Implementation & Oversight
12.02 HIPAA Privacy Definitions
12.03 Identifying PHI
12.04 Safeguarding PHI 
12.05 Confidentiality Agreement for Workforce Member
12.06 Use and Disclosure of PHI Requiring Individual Authorization
12.07 Verification of the Identity and Authority of Member Requesting Disclosure of PHI
12.08 Confidentiality of Health Information Related to Minors
12.09 Communication of PHI
12.10 Safeguarding Transmission of PHI to External Vendor or Entities
12.11 Intranet
12.12 Facsimile Transmission of PHI
12.13 Designation of Record Sets
12.14 Reporting PHI Privacy Breach 
12.16 Management of Individual Privacy Complaints
12.17 Mitigation of Harm Resulting from Unauthorized Use or Disclosure
12.18 Notice of Privacy Practices
12.19 Notice of Privacy Practices Document
12.20 Patient-Recipient Privacy Rights
12.21 Personal Representative
12.22 Patient-Recipient Rights to Access Inspect and Copy PHI
12.23 Individuals' Access to PHI
12.24 Individual Requests for Restriction of Uses and Disclosures for TPO
12.25 Accounting of Disclosures
12.26 Individual Requests for Confidential Communications
12.27 Requests to Amend Records
12.28 Revocation of an Authorization 
12.29 Prohibition of Intimidating or Retaliatory Act
12.30 Patient-Recipient Privacy-Related Complaints
12.31 Minimum Necessary
12.32 Routine and Recurring Disclosures
12.33 Use and Disclosure of PHI for TPO
12.34 Use and Disclosure of Mental Health Information
12.35 Disclosures of PHI Relating to Communicable Diseases
12.36 Uses and Disclosures of PHI for Health Oversight
12.37 Disclosures of PHI to Officials
12.38 Disclosures of PHI Relating to Judicial and Admin Proceedings
12.39 Use or Disclosure of PHI for Marketing Purposes
12.41 Access Use Disclosure and Safeguarding PHI for Research

Table of Contents

Security Policies (Combined Policies)

13.01 Information Security Strategy
13.02 Security Management Process
13.03 Risk Analysis and Risk Management
13.04 HIPAA Security Oversight
13.05 Information System Activity Review
13.06 Workforce Security
13.07 System Access
13.08 Information Access Management
13.09 Security Reminders
13.10 Protection from Malicious Software
13.11 Login Monitoring
13.12 Security Incident Procedures
13.13 Response and Reporting
13.14 Contingency Plan
13.15 Data Backup Plan
13.16 Disaster Recovery Plan
13.17 Emergency Mode Operation Plan
13.18 Testing and Revision Procedures
13.19 Applications and Data Criticality Analysis
13.20 Evaluation
13.21 Business Associate Agreements
13.22 Facility Access
13.23 Contingency Operations
13.24 Facility Security Plan
13.25 Access Control and Validation Procedures
13.26 Maintenance Records
13.27 Device and Media Controls
13.28 Destruction, Disposal, and Reuse of PHI Media
13.29 Accountability
13.30 Data Backup and Storage
13.31 Access Control
13.32 Emergency Access Procedure
13.33 Encryption and Decryption
13.34 Audit Controls
13.35 Integrity
13.36 Mechanism to Authenticate Sensitive Information
13.37 Transmission Security
13.38 Integrity Controls
13.39 Encryption
13.40 Policies and Procedures Standard
13.41 Documentation Standard
13.42 Information Classification
13.43 Network Security
13.44 Email Security
13.45 Remote Access
13.46 Portable Devices
13.47 VPN
13.48 Wireless Security
13.49 Wireless IP Phones
13.50 Social Media
13.51 Cell Phone and Smart Phone

Data Breach Policies (Combined Policies)

14.00 Data Breach - Protected Health Information
14.01 Data Breach Discovery
14.02 Data Breach Management
14.03 Data Breach Notification
14.04 Data Breach Notification to HHS
14.05 Data Breach Notification to Individual
14.06 Data Breach Notification to Media