COVID-19 |
- Disclosures for TPO & Imminent Threat
- HIPAA COW Telemedicine Policy
|
Access to Protected Health Information (PHI) 164.524 |
- Patient Right to Access, Inspect and Copy Protected Health Information
- Minors Privacy Right Access
- Provider Model Privacy Notice
- Provider Notice of Privacy Practice
- Charging for copies of PHI
|
Accounting of Disclosures 164.528 |
- Accounting of Disclosures
|
Alternative Communications 164.522 (b) |
- Individual Right to Request Alternative Communications
|
Amendment 164.526 |
- Amendment Policy
- Amendment Form
- Sample Letters for Amendment Policy
|
Auditing/Activity Review
- Audit Controls 164.312(b)
- Information System Activity Review 164.308(a)(1)(ii)(D)
- Log-in Monitoring 164.308(a)(5)(ii)(C)
- Protection from Malicious Software 164.308(a)(5)(ii)(B)
|
- Information System Activity Review Policy (formerly named Auditing Policy)
|
Authorization 164.508 |
- Consent for Disclosure of Patient PHI
- Validity of Patient Authorization
- Authorization Elements Grid
- WI Authorization Form
- Audio, Video and Photo Consent 10.1.17
- Issue of Requiring Authorization Forms to include Copy or Fax – Position Statement
|
Breach Notification Part 164 Subpart D
- Sanction Policy 164.308(a)(1)(ii)(C)
|
- 2013 Omnibus Rule Version Breach Notification Policy – Compliance Date 9/23/13
- Privacy Officer Breach Notification Checklist
|
Business Associate
- 164.308(b)
- 164.314
- 164.504(e)
- HITECH Sections 13401(a), 13404, 13408
|
- BA Agreement Omnibus Rule
- Business Associate Agreement Policy/Procedure
- BA Training PPT
|
Complaint 164.530(d)(1) |
- Privacy Complaint Policy & Form
|
Contingency Plan 164.308(a)(7)
- Contingency Operations 164.310(a)(2)(i)
- Emergency Access Procedure 164.312(a)(2)(ii)
|
- Contingency Planning Whitepaper
|
Consumer Guide |
- Wisconsin Consumer HIPAA Guide PDF
|
Data Management
- Accountability 164.310(d)(2)(iii)
- Data Backup and Storage 164.310(d)(2)(iv)
- Data Backup Plan 164.308(a)(7)(ii)(A)
- Device and Media Controls 164.310(d)
|
- Data Management & Backup
|
De-Identification 164.514 |
- De-ID vs LDS
|
Designated Record Set 164.501 |
- Designated Record Sets
|
Device & Media Controls 164.310(d)
- Disposal 164.310(d)(2)(i)
- Media Re-use 164.310(d)(2)(ii)
- Portable Handheld Devices
- Removable Media
|
- Media Sanitization for Disposal or Reuse
- Portable Handheld Device Policy
- Removable Media Policy
|
Employee Health |
- Management of Employee Health Records Whitepaper
|
Facility Access Controls 164.310(a)(1)
- Access Control & Validation Procedures 164.310(a)(2)(iii)
- Facility Security Plan 164.310(a)(2)(ii)
|
- Facility Access Policy
|
Facility Maintenance Records 164.310(a)(2)(iv) |
- Facility Repairs and Maintenance
|
Fundraising 164.514(f)(1) |
- Fundraising Policy Doc
|
Group Health Plan Requirements
|
- Plan Documents Policy
|
Information Access Management 164.308(a)(4)(i)
- Access Control 164.312(a)(1)
- Access Establishment and Modification 164.308(a)(4)(ii)(C)
- Authorization and/or Supervision 164.308(a)(3)(ii)(A)
- Automatic Logoff 164.312(a)(2)(iii)
- Isolating Healthcare Clearinghouse Function 164.308(a)(4)(ii)(A)
- Password Management 164.308(a)(5)(ii)(D)
- Person or Entity Authentication 164.312(d)
- Termination Procedures 164.308(a)(3)(ii)(C)
- Unique User Identification 164.312(a)(2)(i)
- Workforce Clearance Procedure 164.308(a)(3)(ii)(B)
- Workforce Security 164.308(a)(3)(i)
- Workstation Use 164.310(b)
|
- System Access Policy
- Remote Access Policy
- Information Blocking Roadmap/Decision Tracker Template
|
Judicial Proceeding 164.512(e) |
- Policy & Procedure for Use and Disclosure of PHI for Judicial and Administrative Proceedings
|
Law Enforcement 164.512(f) |
- HIPAA & Wisconsin Law Enforcement
- Drug Seeking Behavior Whitepaper
- 2016 Privacy Rule Modification—Firearms Safety
- Use of Body Cameras by Law Enforcement
|
Limited Data Set 164.514 |
- De-ID vs LDS
|
Marketing 164.501 |
- Marketing Policy Doc
|
Media |
- Disclosure of PHI to the Media
|
Minimum Necessary 164.514 |
- Minimum Necessary Training PPT
- Minimum Necessary Doc
|
Notice of Privacy Practice 164.520 |
- Privacy Notice Policy – Provider
- Model Privacy Notice – Provider
- Notice of Privacy Acknowledgement
- Privacy Notice Policy – Payer
- Model Privacy Notice – Payer
- Patient Privacy Rights – Policy
- Patient Privacy Rights – PowerPoint
|
Occupational Health |
- Occupational Health Whitepaper 4-15-13
|
Policies & Procedures
- Privacy 164.530(i)
- Security 164.316
|
- Example Policy & Procedure Template
- HIPAA Security Policy and Procedure Checklist
- Security Standards and Associated P&Ps
|
Preemption with Wisconsin Law
|
- Preemption Analysis Supplement Definitions
- Preemption – WI 146 Pdf
- Preemption – WI 51.30 Pdf
- Preemption – WI 252 Pdf
- Preemption – 256.15(12): Ambulance Records Preemption Analysis
- Preemption Matrix (Payer) Doc
- HIPAA Harmonization Guidance WHIMA
|
Privacy Officer 164.530(a) |
- HIPAA Implementation & Oversight
|
Psychotherapy Notes 164.508(a)(2) |
- Psychotherapy Notes
|
Remote Access Policy |
- Remote Access Policy Document
|
Restriction Request 164.522 (a) |
- Individual Right to Request Restrictions on How PHI is Used/Disclosed for TPO
|
Risk Analysis & Management
- 164.308 (a)(1)(ii)(A) and (B)
- Evaluation 164.308(a)(8)
- Meaningful Use – CMS EHR Incentive program
- Protect Electronic Health Information Requirements
- Safeguards – Administrative 164.306
- Safeguards – Physical 164.310
|
- Risk Management Policy Doc
- Risk Toolkit Guide
- Risk Assessment Template
- Privacy, Security, & Meaningful Use Questions to Ask Vendors Doc
|
Safeguards 164.530 (c) |
- Communication of PHI Policy Doc
|
Security Incident Procedures 164.308(a)(6)
- Security Management Process 164.308(a)(1)(i)
|
- Security Incident Response
Also Refer to Breach Notification Section
|
Security Oversight:
- General Rules 164.306
- Policies & Procedures & Documentation Requirements 164.316
- Security Awareness and Training 164.308(a)(5)(i)
- Security Reminders 164.308(a)(5)(ii)(A)
- Sanction Policy 164.308(a)(1)(ii)(C)
|
- HIPAA Security Oversight Policy
- Security Benchmarking Whitepaper
- Cyber Hygiene Guidelines
Also Refer to Training Section
|
Social Media |
- Social Media Guidelines
|
Technical Access Control:
- Encryption 164.312(e)(2)(ii)
- Encryption and Decryption 164.312(a)(2)(iv)
- Integrity 164.312(c)
- Integrity Controls 164.312(e)(2)(i)
- Transmission Security 164.312(e)(1)
|
- Encryption Whitepaper
|
Training
- 164.530(b)(1)
- 164.308(a)(5)
|
- Privacy & Security Training Session PowerPoint
Also Refer to Security Oversight Section
|
Treatment Uses and Disclosures 164.506 |
- Position Statement: Disclosing of PHI for Treatment Purposes
|
Verification of Identity 164.514(h) |
- Identity Verification
|
Workers Compensation 164.512(l) |
- Workers Compensation
|