Policies Recently Updated:

  • Breach Notification:  Unauthorized Access, Use and/or Disclosure of Individually Identifiable Patient or Other Personal information.  IM 10-30.02


These policies are intended to provide guidance about reasonable and appropriate safeguards for the confidentiality, accuracy, and integrity of patient and other individually identifiable information. 
If you have questions or need assistance in interpretation or application of any of these policies, please contact the Privacy Office at 936-3594 or email the Privacy Office.

Access to Confidential Information IM 10-30.03
Access to Protected Patient Information by Job Role IM 10-30.24
Audit Logs and Activity Review for Electronic Systems and Applications Containing Protected Health Information IM 10-40.24
Authentication to Electronic Systems and Applications IM 10-30.28
Authorization and Access to Electronic System And Applications IM 10-30.19
Authorization to Access Medical Records: Self & Others IM 10-20.01
Breach Notification: Unauthorized Access, Use or Disclosure of Individually Identifiable Patient or Other Personal Information IM 10-30.02
Business Associate Agreements IM 10-10.01
Cloud-Based Computing and Data Storage IM 10-30.27
Computer Workstation and Lockout and Automatic Log-off Standards IM 10-30.16
Definition of the Legal Medical Record and the Designated Record Set IM 10-20.05
De-Identification of Protected Health Information IM 10-30.07
Disposal of Confidential Information IM 10-30.18
Electronic Messaging of Individually Identifiable Patient and Other Sensitive Information IM 10-30.15
Faxing Confidential Information IM 10-10.03
Identity Theft Prevention and Response IM 10-30.04
Internet Monitoring and Filtering for Clinical Workstations IM 10-30.04
MHAV: Eligibility of Levels of Access IM 10-30.20
Patient Photography and Video Imaging
Instructions to upload an image to your computer
IM 10-30.17
Patient Request for Confidential Communications IM 10-30.09
Patient Request to Amend Protected Health Information
Procedural Process Amendment Request Form
Patient Acknowledgement Ltr.
Amend Accepted Ltr. Amend Denied Ltr.
Statement of Disagreement form
IM 10-40.17
Patient Request to Restrict the Use of Information
Service Estimate Method
IM 10-40.20
Patient Safety and Confidentiality: No Information, Security Risk, STAT and Alias Designations IM 10-20.12
Personal Health Information Provided through MHAV IM 10-30.21
Privacy and Information Security Training IM 10-30.05
Protection and Security of Protected Health Information IM 10-30.13
Protection and Security of Research Health Information IM 10-30.14
Release of Patient Information IM 10-30.29
Records Retention and Destruction IM 10-10.02
Releasing Patient Information and Coordinating Access to Patients by External Law Enforcement Official and Investigators
HHS: HIPAA guide for Law Enforcement (Hand-out)
IM 10-30.11
Sanctions for Privacy and Information Security Violations IM 10-30.12
Use and Disclosure of Protected Health Information IM 10-30.06