Patient Information Privacy Policies - UW Medicine Compliance

UW Medicine has established a comprehensive Patient Information Privacy Compliance Program related to the HIPAA Privacy Rule, the Washington State Uniform Health Care Act, and various other federal and state privacy laws. The foundation of this program are the UW Medicine Patient Information Privacy Policies.

COMP. 101 Patient Information Privacy and Security Compliance Program and Administrative Requirements

This policy addresses:

UW Medicine’s Designation of Healthcare Components at the University of Washington (UW);
Administrative requirements addressing safeguards for protected health information (PHI), disclosures of PHI by whistleblowers, mitigation strategies, prohibition of retaliatory acts, patients’ non-waiver of rights, personnel designations and revisions and documentation of privacy policies and procedures;
The maintenance of the designated record set.

Policy Resources

Guidance 101.G1 University of Washington HIPAA Designation
Guidance 101.G2 Privacy Policies Summary

COMP.102 Safeguarding the Privacy and Security of Protected Health Information

This policy establishes UW Medicine safeguards for protecting the confidentiality, integrity and availability of protected health information (PHI).

Policy Resources

Form 102.F1 Agreement for Electronic Access to Protected Health Information
Form 102.F2 Workforce Member Documentation of IT System Access
Form 102.F3 Non-UW Medicine Workforce Privacy, Confidentiality and Information Security Agreement
Guidance 102.G2 Faxing PHI
Guidance 102.G4 Protected Health Information (PHI)

COMP.103 Use and Disclosure of Protected Health Information

This policy outlines the requirements for appropriate use and disclosure of protected health information (PHI), addresses the concept of minimum necessary as it applies to PHI uses and disclosures, describes the special restrictions on PHI requiring heightened standards of confidentiality, and references the requirement to document certain PHI disclosures made without patient authorization.

Policy Resources

Form 103.F1 Mandatory Violent Injury Report (UH2883) (VMC, see here)
Form 103.F2 Release of Patient Property Form
Form 103.F4 Patient Information for Inclusion in the UW Medicine Patient Directory (UH1868) (VMC, see here)
Form 103.F7 Patient Authorization to Disclose, Release and/or Obtain Protected Health Information Form (UH0626) (VMC, see here)
Form 103.F8 Release of Information Coordination and Action Form
Form 103.F9 Verbal Redisclosure (Record of verbal Redisclosure of PHI) (UH1866)
(VMC, see here)
Form 103.F10 Patient Authorization to Use & Disclose Protected Health Information for Publication (UH3031) (VMC, see here)
Form 103.F11 Patient Authorization to Use or Disclose Photography/Video Tape Form (UH0324) (VMC, see here)
Form 103.F12 Patient Authorization for UW Medicine to Use or Disclose Protected Health Information for Publicity Form (UH1874) (VMC, see here)
Guidance 103.G1 Treatment, Payment and Healthcare Operations
Guidance 103.G2 Minimum Necessary Disclosure Decision Tree
Guidance 103.G3 Law Enforcement Requests Disclosure of Patient Information
Guidance 103.G4 Minor (Parent/Guardian) eCare Account Request Process
Guidance 103.G7 Prohibition on Redisclosure
Guidance 103.G8 Release of PHI for Judicial and Administrative proceedings
Guidance 103.G9 Marketing Activities Guidance
Guidance 103.G10 Use & Disclosure of PHI for Involvement in Patient’s Care and Notification Decision Tree
Template 103.T1 Sample Letter: Subpoena Unenforceable
Template 103.T2 Sample Letter: Subpoena Rejection
Template 103.T3 Sample Letter: Rejection Out of State Subpoena
Template 103.T4 Sample Letter: PHI – Incomplete Request
Template 103.T5 Sample Letter: UW Medicine Authorization to Disclose PHI Status Update Letter to Patient
Template 103.T6 Data Use Agreement for Limited Data Set (for individuals or entities NOT part of UW Medicine workforce)
Template 103.T7 Data Use Agreement for Limited Data Set for UW Medicine workforce

COMP.104 Patient Rights Related to Protected Health Information

This policy establishes the obligations of UW Medicine with respect to patients’ rights regarding their protected health information (PHI).

Policy Resources

Form 104.F1 UW Medicine Joint Notice of Privacy Practices (Brochure) (UH1858)
(http://www.uwmedicine.org/nopp).
Form 104.F2 UW Medicine Joint Notice of Privacy Practices (Text Version)
Form 104.F3 Translation NoPP: Arabic
Form 104.F4 Translation NoPP: Chinese
Form 104.F5 Translation NoPP: Russian
Form 104.F6 Translation NoPP: Somali
Form 104.F7 Translation NoPP: Spanish
Form 104.F8 Translation NoPP: Vietnamese
Form 104.F9 Notice of Privacy Practices Acknowledgment Form (UH2045)
(VMC, see here)
Form 104.F10 Request to Consider Additional Privacy Protection for Protected Health Information (UH1869) (VMC, see here)
Form 104.F11 Request to Restrict Disclosure of Health Care Items or Services to Health Plans When Patients Self Pay Out-of-Pocket (UH2923) (VMC, see here)
Form 104.F12 Additional Privacy Protections, Restrictions and Alternative Communications Coordination and Action Form
Form 104.F13 Amendment Request (UH2078) (VMC, see here)
Form 104.F14 Accounting For Disclosure (UH3162) (VMC, contact VMC HIM.)

COMP.105 Breach Notification

The purpose of this policy is to establish the following:

The process UW Medicine follows to investigate potential breaches of protected health information (PHI);
UW Medicine’s obligation to notify patients and other parties of a breach of PHI;
The parties that must be notified and timelines that must be observed;
Required elements of notifications made to patients; and
Parties responsible for implementing the policy.

COMP.106 Use and Disclosure of Protected Health Information by Business Associates

This policy outlines the criteria for a business associate (BA) and establishes the requirements for disclosing PHI to a BA, including the required content of a Business Associate Agreement (BAA).

Policy Resource

- Template 106.T1 UW Medicine Business Associate Agreement

COMP.107 Information Security

This policy establishes UW Medicine requirements for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI).