UDOH HIPAA and HITECH Policies


General Policy

11.01 HIPAA Privacy and Security Governing Policy???
?
Privacy Policies? (Combined Policies)

12.01 HIPAA Privacy and Security Implementation & Oversight??
12.02 HIPAA Privacy Definitions?
12.03 Identifying PHI?
12.04 Safeguarding PHI?
12.05 Confidentiality Agreement for Workforce Member?
12.06 Use and Disclosure of PHI Requiring Individual Authorization?
12.07 Verification of the Identity and Authority of Member Requesting Disclosure of PHI?
12.08 Confidentiality of Health Information Related to Minors?
12.09 Communication of PHI?
12.10 Safeguarding Transmission of PHI to External Vendor or Entities?
12.11 Intranet?
12.12 Facsimile Transmission of PHI
12.13 Designation of Record Sets??
12.14 Reporting PHI Privacy Breach?
12.16 Management of Individual Privacy Complaints?
12.17 Mitigation of Harm Resulting from Unauthorized Use or Disclosure?
12.18 Notice of Privacy Practices?
12.19 Notice of Privacy Practices Document?
12.20 Patient-Recipient Privacy Rights?
12.21 Personal Representative?
12.22 Patient-Recipient Rights to Access Inspect and Copy PHI?
12.23 Individuals' Access to PHI?
12.24 Individual Requests for Restriction of Uses and Disclosures for TPO?
12.25 Accounting of Disclosures?
12.26 Individual Requests for Confidential Communications?
12.27 Requests to Amend Records?
12.28 Revocation of an Authorization?
12.29 Prohibition of Intimidating or Retaliatory Act?
12.30 Patient-Recipient Privacy-Related Complaints?
12.31 Minimum Necessary?
12.32 Routine and Recurring Disclosures
12.33 Use and Disclosure of PHI for TPO
12.34 Use and Disclosure of Mental Health Information
12.35 Disclosures of PHI Relating to Communicable Diseases
12.36 Uses and Disclosures of PHI for Health Oversight
12.37 Disclosures of PHI to Officials
12.38 Disclosures of PHI Relating to Judicial and Admin Proceedings
12.39 Use or Disclosure of PHI for Marketing Purposes
12.41 Access Use Disclosure and Safeguarding PHI for Research

Table of Contents?

Security Policies (Combined Policies)

13.01 Information Security Strategy
13.02 Security Management Process
13.03 Risk Analysis and Risk Management
13.04 HIPAA Security Oversight
13.05 Information System Activity Review
13.06 Workforce Security
13.07 System Access
13.08 Information Access Management
13.09 Security Reminders
13.10 Protection from Malicious Software
13.11 Login Monitoring
13.12 Security Incident Procedures
13.13 Response and Reporting
13.14 Contingency Plan
13.15 Data Backup Plan
13.16 Disaster Recovery Plan
13.17 Emergency Mode Operation Plan
13.18 Testing and Revision Procedures
13.19 Applications and Data Criticality Analysis
13.20 Evaluation
13.21 Business Associate Agreements
13.22 Facility Access
13.23 Contingency Operations???????
13.24 Facility Security Plan
13.25 Access Control and Validation Procedures
13.26 Maintenance Records
13.27 Device and Media Controls
13.28 Destruction Disposal, and Reuse of PHI Media
13.29 Accountability
13.30 Data Backup and Storage??
13.31 Access Control
13.32 Emergency Access Procedure
13.33 Encryption and Decryption
13.34 Audit Controls
13.35 Integrity
13.36 Mechanism to Authenticate Sensitive Information
13.37 Transmission Security
13.38 Integrity Controls
13.39 Encryption
13.40 Policies and Procedures Standard
13.41 Documentation Standard
13.42 Information Classification
13.43 Network Security
13.44 Email Security
13.45 Remote Access
13.46 Portable Devices
13.47 VPN
13.48 Wireless Security
13.49 Wireless IP Phones
13.50 Social Media
13.51 Cell Phone and Smart Phone

Table of Contents
??
Data Breach Policies (Combined Policies)??

14.00 Data Breach - Protected Health Information
14.01 Data Breach Discovery
14.02 Data Breach Management??
14.03 Data Breach Notification
14.04 Data Breach Notification to HHS
14.05 Data Breach Notification to Individual
14.06 Data Breach Notification to Media ???

Table of Contents? ??????????