
Privacy & Security


 Privacy and Security Topic  Deliverable(s)
Access to Protected Health Information (PHI) 164.524
Accounting of Disclosures 164.528 Accounting of Disclosures
Alternative Communications 164.522 (b) Individual Right to Request Alternative Communications

Amendment 164.526

Auditing/Activity Review
  • Audit Controls 164.312(b)
  • Information System Activity Review 164.308(a)(1)(ii)(D)
  • Log-in Monitoring 164.308(a)(5)(ii)(C)
  • Protection from Malicious Software 164.308(a)(5)(ii)(B)
Information System Activity Review Policy (formerly named Auditing Policy)
Authorization 164.508
Breach Notification Part 164 Subpart D

    • Sanction Policy 164.308(a)(1)(ii)(C)
Business Associate
    • 164.308(b)
    • 164.314
    • 164.504(e)
    • HITECH Sections 13401(a), 13404, 13408
Complaint 164.530(d)(1) Privacy Complaint Policy & Form

Contingency Plan 164.308(a)(7)

    • Contingency Operations 164.310(a)(2)(i)
    • Emergency Access Procedure 164.312(a)(2)(ii)

Contingency Planning Whitepaper 

Consumer Guide Wisconsin Consumer HIPAA Guide PDF
Data Management

    • Accountability 164.310(d)(2)(iii)
    • Data Backup and Storage 164.310(d)(2)(iv)
    • Data Backup Plan 164.308(a)(7)(ii)(A)
    • Device and Media Controls 164.310(d)

Data Management & Backup

De-Identification 164.514 De-ID vs LDS
Designated Record Set 164.501  Designated Record Sets
Device & Media Controls 164.310(d)

    • Disposal 164.310(d)(2)(i)
    • Media Re-use 164.310(d)(2)(ii)
    • Portable Handheld Devices
    • Removable Media
Employee Health Management of Employee Health Records Whitepaper
Facility Access Controls 164.310(a)(1)
    • Access Control & Validation Procedures 164.310(a)(2)(iii)
    • Facility Security Plan 164.310(a)(2)(ii)

Facility Access Policy

Facility Maintenance Records 164.310(a)(2)(iv)

Facility Repairs and Maintenance

 Fundraising 164.514(f)(1)

Fundraising Policy Doc

 Group Health Plan Requirements

    • 164.314(b)
    • 164.504(f)

Plan Documents Policy

 Information Access Management 164.308(a)(4)(i)

    • Access Control 164.312(a)(1)
    • Access Establishment and Modification 164.308(a)(4)(ii)(C)
    • Authorization and/or Supervision 164.308(a)(3)(ii)(A)
    • Automatic Logoff 164.312(a)(2)(iii)
    • Isolating Healthcare Clearinghouse Function 164.308(a)(4)(ii)(A)
    • Password Management 164.308(a)(5)(ii)(D)
    • Person or Entity Authentication 164.312(d)
    • Termination Procedures 164.308(a)(3)(ii)(C)
    • Unique User Identification 164.312(a)(2)(i)
    • Workforce Clearance Procedure 164.308(a)(3)(ii)(B)
    • Workforce Security 164.308(a)(3)(i)
    • Workstation Use 164.310(b)
Judicial Proceeding 164.512(e) Policy & Procedure for Use and Disclosure of PHI for Judicial and Administrative Proceedings
Law Enforcement 164.512(f)
Marketing 164.501 Marketing Policy Doc
Media Disclosure of PHI to the Media
Minimum Necessary 164.514
Notice of Privacy Practice 164.520
Occupational Health

Occupational Health Whitepaper 4-15-13

Policies & Procedures

  • Privacy 164.530(i)
  • Security 164.316
Preemption with Wisconsin Law

    • Part 160 Subpart B
Privacy Officer 164.530(a)

HIPAA Implementation & Oversight

Psychotherapy Notes 164.508(a)(2) Psychotherapy Notes
Remote Access Policy

Remote Access Policy Document

Restriction Request 164.522 (a) Individual Right to Request Restrictions on How PHI is Used/Disclosed for TPO
 Risk Analysis & Management

    • 164.308 (a)(1)(ii)(A) and (B)
    • Evaluation 164.308(a)(8)
    • Meaningful Use – CMS EHR Incentive program
    • Protect Electronic Health Information Requirements
    • Safeguards – Administrative 164.306
    • Safeguards – Physical 164.310
 Safeguards 164.530 (c) Communication of PHI Policy Doc

Security Incident Procedures 164.308(a)(6)

    • Security Management Process 164.308(a)(1)(i)

Security Incident Response

Also Refer to Breach Notification Section

 Security Oversight
    • General Rules 164.306
    • Policies & Procedures & Documentation Requirements 164.316
    • Security Awareness and Training 164.308(a)(5)(i)
    • Security Reminders 164.308(a)(5)(ii)(A)
    • Sanction Policy 164.308(a)(1)(ii)(C)
Also Refer to Training Section
Social Media Social Media Guidelines

Technical Access Control:

    • Encryption 164.312(e)(2)(ii)
    • Encryption and Decryption 164.312(a)(2)(iv)
    • Integrity 164.312(c)
    • Integrity Controls 164.312(e)(2)(i)
    • Transmission Security 164.312(e)(1)

Encryption Whitepaper


    • 164.530(b)(1)
    • 164.308(a)(5)
Privacy & Security Training Session PowerPoint
Also Refer to Security Oversight Section

Treatment Uses and Disclosures 164.506

Position Statement: Disclosing of PHI for Treatment Purposes

Verification of Identity 164.514(h)

Identity Verification

Workers Compensation 164.512(l)

Workers Compensation


© 2023 HIPAA COW | All Rights Reserved
