HIPAA Policies
General HIPAA policy:
3364-15-01 HIPAA administrative simplification
Confidentiality of Patient Information:
3364-15-10 Confidentiality of Patient Information
UT HIPAA Policies:
| Policy Number | Policy Name | Description |
| --- | --- | --- |
| | Release of Health Information | Process for providing patients their medical record. |
| | Minimum Necessary Guidelines for Use/Disclosure of Protected Health Information | PHI can be used for treatment, payment and healthcare operations, but workforce members may review only the PHI they have a business purpose to review. |
| | Request for Restriction on Health Information | Patients may pay cash for services and restrict the disclosure of the documentation. |
| | De-Identifiable and Re-Identifiable Health Information, Limited Data Set and Data Use agreement | PHI may need to be de-identified for such purposes as research. Re-identification may be necessary by using a code that would remain with the covered entity. |
| | Medical Record Availability and Access | Health Information Management maintains a medical record on every patient. Patients may request a copy of their record in various formats: electronic, e-mail, flash drive and/or paper. |
| | Patient Directory | Patient directory and what information may be disclosed as requested by the patient. |
| | Joint Notice of Privacy Practices | A notice provides the patient with their rights and obligations. |
| | Accounting and Documentation of Disclosures of Protected Health Information other than Treatment, Payment and Healthcare Operations. | HIM must keep a tracking log of all disclosures of PHI. |
| | Security and protection of Patient Information Both Papers and Electronic | PHI must be protected from natural or environmental disasters. Workforce members must ensure the highest security of their computer and passwords. |
| | Business Associate Agreement | A Business Associate Agreement must accompany any contract where the vendor will create, receive, maintain or transmit PHI on behalf of UT. |
| | Photographing- videotaping, filming, video recording | Consent required for filming, photographing, or recording for the purpose of education, staff development and/or documentation. |
| | Reporting of Security Breach of Protected Health Information including Personal Health Information | Process for determining and reporting a breach. |
| | Medical Record Retention and Destruction Disposal of Protected Health information | Maintenance, retention, destruction and disposal of electronic and paper documentation. |
| | Medical Record Amendment | Patients may request a change to their medical record that may either be approved or denied by the provider. |
| | Patient Request for Confidential Communication | Patients complete a Confidential Communication form, directing UT what phone number to call and leave messages and whom workforce members may speak to regarding PHI. |