UW Medicine Compliance

Information Security – COMP.107


This policy establishes UW Medicine requirements for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI).

This policy applies to UW Medicine workforce members (including faculty, employees, trainees, volunteers and other persons who perform work for UW Medicine), devices, and information systems that access, use, maintain and transmit ePHI. ePHI is classified as confidential in accordance with University of Washington (UW) Administrative Policy Statement (APS) 2.6 Information Security Controls and Operational Practices.

Policy PDF

Administrative Information
Policy Statement
I. Administrative Processes
II. Integrity and Availability of ePHI
III. Information Access Control and Management / Identity and Access Management
IV. Workstation, Device and Media Security and Controls
V. Transmission Security
VI. Information System Activity Review
Roles and Responsibilities