UW Medicine has established a comprehensive Patient Information Privacy Compliance Program related to the HIPAA Privacy Rule, the Washington State Uniform Health Care Act, and various other federal and state privacy laws. The foundation of this program are the UW Medicine Patient Information Privacy Policies.
This policy addresses:
- UW Medicine’s Designation of Healthcare Components at the University of Washington (UW);
- Administrative requirements addressing safeguards for protected health information (PHI), disclosures of PHI by whistleblowers, mitigation strategies, prohibition of retaliatory acts, patients’ non-waiver of rights, personnel designations and revisions and documentation of privacy policies and procedures;
- The maintenance of the designated record set.
This policy establishes UW Medicine safeguards for protecting the confidentiality, integrity and availability of protected health information (PHI).
This policy outlines the requirements for appropriate use and disclosure of protected health information (PHI), addresses the concept of minimum necessary as it applies to PHI uses and disclosures, describes the special restrictions on PHI requiring heightened standards of confidentiality, and references the requirement to document certain PHI disclosures made without patient authorization.
This policy establishes the obligations of UW Medicine with respect to patients’ rights regarding their protected health information (PHI).
COMP.105 Breach Notification
The purpose of this policy is to establish the following:
- The process UW Medicine follows to investigate potential breaches of protected health information (PHI);
- UW Medicine’s obligation to notify patients and other parties of a breach of PHI;
- The parties that must be notified and timelines that must be observed;
- Required elements of notifications made to patients; and
- Parties responsible for implementing the policy.
This policy outlines the criteria for a business associate (BA) and establishes the requirements for disclosing PHI to a BA, including the required content of a Business Associate Agreement (BAA).
COMP.107 Information Security
This policy establishes UW Medicine requirements for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI).