Phoenix Health Systems
HIPAA Privacy Policies Template Suite

For Healthcare Providers

The HIPAA Privacy Policies Templates Suite
includes a total of 40 policies:

I. GENERAL POLICIES REGARDING USE AND DISCLOSURE OF PHI

• HIPAA Privacy Practices - General Privacy/Confidentiality Policy
• Authorization to Use or Disclose PHI
• Requirements for a Valid HIPAA Authorization Form
• Verification of the Identity and Authority of a Person Requesting Disclosure of PHI

II. MINIMUM NECESSARY RULE FOR USE AND DISCLOSURE OF PHI

• Minimum Necessary Access to and Use of PHI
• Process for Reviewing Routine and Non-Routine Uses and Disclosures of PHI
• Requirements and Uses for De-identification of PHI
• Use of Limited Data Sets for Research, Public Health, and Health Care Operations

III. PATIENT RIGHTS REGARDING THEIR OWN PHI

• Notice of Privacy Practices and Acknowledging Receipt of the Notice
• Requests for Disclosure of Individual's Own PHI
• Requests to Amend Individual's Own PHI
• Requests for Restriction of Disclosures of an Individual's PHI
• Alternate Method of Contact - Right to Request Confidential Communications
• Accounting of Disclosures of an Individual's PHI
• Complaints About Privacy Practices

IV. USES AND DISCLOSURES NOT REQUIRING PATIENT AUTHORIZATION

• Disclosures of PHI and Optional Participation in Patient Directories
• Providing Medical Information to Family, Friends, or Others Directly Involved in a Patient's Care
• Providing PHI to Personal Representatives
• Disclosures of PHI as Required by Law, for Law Enforcement, Judicial and Administrative Proceedings, Public Health, Health Oversight, and Cooperating with a Federal Complaint Investigation
• Disclosures of PHI About Victims of Child Abuse, Other Abuse, Neglect, or Domestic Violence
• Allowable Disclosures to Avert a Serious Threat
• Requests for Uses and Disclosures of PHI During Emergencies
• Disclosures of PHI Pertaining to Patients Who are Inmates
• Uses and Disclosures Related to Deceased Individuals

V. SPECIAL CASES FOR RESTRICTION OF USES AND DISCLOSURES OF PHI

• Restrictions on the Use and Disclosure of Separately Maintained Psychotherapy Notes
• Uses and Disclosures of PHI in Research
• Using PHI for Marketing and Fundraising Outreaches

VI. ORGANIZATIONAL ISSUES AND SAFEGUARDS

• Non-Retaliation for Exercise of Privacy Rights (Including "Whistleblowers")
• Designated Record Sets Used for Patient Access
• Safeguards for Privacy Protection and Access to Protected Information
• Document Retention Period - Documents Relating to Privacy or Security of PHI
• Structure of Organizational Affiliation for Purposes of HIPAA Privacy Regulations (Single Affiliated Entity, Hybrid Entity, or Organized Health Care Arrangement)
• Use and Disclosure of Health Information Acquired Prior to Compliance Date for HIPAA Privacy Regulations: April 14, 2003 (Transition Period)
• Role of Privacy Officer
• Training Requirements for Federal HIPAA Privacy Practices
• Employee Sanctions for Compromising HIPAA Privacy or Security Regulations
• Employer Policies Affected by HIPAA Privacy Regulations (OSHA and Workers' Compensation)
• Employee Health Benefits Plans: HIPAA Privacy Requirements
• Business Associates and Required Elements for a Business Associate Contract
• Trading Partner Agreements

• Overview

• Using the Templates to Aid in Compliance

• Download a Sample Policy or Get More Information on Ordering

Overview

Using the Templates to
Aid in Compliance

List of Privacy Policies
Templates in the Suite

Download Sample Policy or
Get More Info on Ordering

HIPAAstore

About Our Audio Conferences

Package Deals
on Our
Compliance Tools

Guide to Medical Privacy and HIPAA

Privacy Policies Templates Suite

Security Policies Templates Suite

Small Provider Toolset

Toolset for Privacy Training

Phoenix Health Systems