Patient Information Privacy Policies

UW Medicine has established a comprehensive Patient Information Privacy Compliance Program related to the HIPAA Privacy Rule, the Washington State Uniform Health Care Act, and various other federal and state privacy laws. The foundation of this program is the UW Medicine Patient Information Privacy Policies.

COMP.101 Patient Information Privacy and Security Compliance Program and Administrative Requirements

This policy addresses:

  • UW Medicine’s Designation of Healthcare Components at the University of Washington (UW);
  • Administrative requirements addressing safeguards for protected health information (PHI), disclosures of PHI by whistleblowers, mitigation strategies, prohibition of retaliatory acts, patients’ non-waiver of rights, personnel designations and revisions and documentation of privacy policies and procedures;
  • The maintenance of the designated record set.

Policy Resources

COMP.102 Safeguarding the Privacy and Security of Protected Health Information

This policy establishes UW Medicine safeguards for protecting the confidentiality, integrity and availability of protected health information (PHI).

COMP.103 Use and Disclosure of Protected Health Information

This policy outlines the requirements for appropriate use and disclosure of protected health information (PHI), addresses the concept of minimum necessary as it applies to PHI uses and disclosures, describes the special restrictions on PHI requiring heightened standards of confidentiality, and references the requirement to document certain PHI disclosures made without patient authorization.

Policy Resources

COMP.104 Patient Rights Related to Protected Health Information

This policy establishes the obligations of UW Medicine with respect to patients’ rights regarding their protected health information (PHI).

COMP.105 Breach Notification

The purpose of this policy is to establish the following:

  • The process UW Medicine follows to investigate potential breaches of protected health information (PHI);
  • UW Medicine’s obligation to notify patients and other parties of a breach of PHI;
  • The parties that must be notified and timelines that must be observed;
  • Required elements of notifications made to patients; and
  • Parties responsible for implementing the policy.

COMP.106 Use and Disclosure of Protected Health Information by Business Associates

This policy outlines the criteria for a business associate (BA) and establishes the requirements for disclosing PHI to a BA, including the required content of a Business Associate Agreement (BAA).

Policy Resource

COMP.107 Information Security

This policy establishes UW Medicine requirements for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI).