Patient Information Privacy Policies

UW Medicine has established a comprehensive Patient Information Privacy Compliance Program related to the HIPAA Privacy Rule, the Washington State Uniform Health Care Act, and various other federal and state privacy laws. The foundation of this program are the UW Medicine Patient Information Privacy Policies.

This policy addresses:

• UW Medicine’s Designation of Healthcare Components at the University of Washington (UW);
• Administrative requirements addressing safeguards for protected health information (PHI), disclosures of PHI by whistleblowers, mitigation strategies, prohibition of retaliatory acts, patients’ non-waiver of rights, personnel designations and revisions and documentation of privacy policies and procedures;
• The maintenance of the designated record set.

• Guidance 101.G1 University of Washington HIPAA Designation
• Guidance 101.G2 Privacy Policies Summary

This policy establishes UW Medicine safeguards for protecting the confidentiality, integrity and availability of protected health information (PHI).

• Form 102.F1 Agreement for Electronic Access to Protected Health Information
• Form 102.F2 Workforce Member Documentation of IT System Access
• Form 102.F3 Non-UW Medicine Workforce Privacy, Confidentiality and Information Security Agreement
• Guidance 102.G2 Faxing PHI
• Guidance 102.G4 Protected Health Information (PHI)

This policy outlines the requirements for appropriate use and disclosure of protected health information (PHI), addresses the concept of minimum necessary as it applies to PHI uses and disclosures, describes the special restrictions on PHI requiring heightened standards of confidentiality, and references the requirement to document certain PHI disclosures made without patient authorization.

• Form 103.F1 Mandatory Violent Injury Report (UH2883) (VMC, see here)
• Form 103.F2 Release of Patient Property Form
• Form 103.F4 Patient Information for Inclusion in the UW Medicine Patient Directory (UH1868) (VMC, see here)
• Form 103.F7 Patient Authorization to Disclose, Release and/or Obtain Protected Health Information Form (UH0626) (VMC, see here)
• Form 103.F8 Release of Information Coordination and Action Form
• Form 103.F9 Verbal Redisclosure (Record of verbal Redisclosure of PHI) (UH1866)
  (VMC, see here)
• Form 103.F10 Patient Authorization to Use & Disclose Protected Health Information for Publication (UH3031) (VMC, see here)
• Form 103.F11 Patient Authorization to Use or Disclose Photography/Video Tape Form (UH0324) (VMC, see here)
• Form 103.F12 Patient Authorization for UW Medicine to Use or Disclose Protected Health Information for Publicity Form (UH1874) (VMC, see here)
• Guidance 103.G1 Treatment, Payment and Healthcare Operations
• Guidance 103.G2 Minimum Necessary Disclosure Decision Tree
• Guidance 103.G3 Law Enforcement Requests Disclosure of Patient Information
• Guidance 103.G4 Minor (Parent/Guardian) eCare Account Request Process
• Guidance 103.G7 Prohibition on Redisclosure
• Guidance 103.G8 Release of PHI for Judicial and Administrative proceedings
• Guidance 103.G9 Marketing Activities Guidance
• Guidance 103.G10 Use & Disclosure of PHI for Involvement in Patient’s Care and Notification Decision Tree
• Template 103.T1 Sample Letter: Subpoena Unenforceable
• Template 103.T2 Sample Letter: Subpoena Rejection
• Template 103.T3 Sample Letter: Rejection Out of State Subpoena
• Template 103.T4 Sample Letter: PHI – Incomplete Request
• Template 103.T5 Sample Letter: UW Medicine Authorization to Disclose PHI Status Update Letter to Patient
• Template 103.T6 Data Use Agreement for Limited Data Set (for individuals or entities NOT part of UW Medicine workforce)
• Template 103.T7 Data Use Agreement for Limited Data Set for UW Medicine workforce

This policy establishes the obligations of UW Medicine with respect to patients’ rights regarding their protected health information (PHI).

• Form 104.F1 UW Medicine Joint Notice of Privacy Practices (Brochure) (UH1858)
  (http://www.uwmedicine.org/nopp).
• Form 104.F2 UW Medicine Joint Notice of Privacy Practices (Text Version)
• Form 104.F3 Translation NoPP: Arabic
• Form 104.F4 Translation NoPP: Chinese
• Form 104.F5 Translation NoPP: Russian
• Form 104.F6 Translation NoPP: Somali
• Form 104.F7 Translation NoPP: Spanish
• Form 104.F8 Translation NoPP: Vietnamese
• Form 104.F9 Notice of Privacy Practices Acknowledgment Form (UH2045)
  (VMC, see here )
• Form 104.F10 Request to Consider Additional Privacy Protection for Protected Health Information (UH1869) (VMC, see here )
• Form 104.F11 Request to Restrict Disclosure of Health Care Items or Services to Health Plans When Patients Self Pay Out-of-Pocket (UH2923) (VMC, see here )
• Form 104.F12 Additional Privacy Protections, Restrictions and Alternative Communications Coordination and Action Form
• Form 104.F13 Amendment Request (UH2078) (VMC, see here )
• Form 104.F14 Accounting For Disclosure (UH3162) (VMC, contact VMC HIM.)

The purpose of this policy is to establish the following:

• The process UW Medicine follows to investigate potential breaches of protected health information (PHI);
• UW Medicine’s obligation to notify patients and other parties of a breach of PHI;
• The parties that must be notified and timelines that must be observed;
• Required elements of notifications made to patients; and
• Parties responsible for implementing the policy.

This policy outlines the criteria for a business associate (BA) and establishes the requirements for disclosing PHI to a BA, including the required content of a Business Associate Agreement (BAA).

• • Template 106.T1 UW Medicine Business Associate Agreement

  This policy establishes UW Medicine requirements for protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI).