HIPAA Policies and Procedures

Emory University HIPAA Privacy Rule Policies

The Policies are available at the link above.  The Business Associate Agreement is accessible here.  The Emory University HIPAA Privacy Rule Policies cover the following issues. 


SECTION A:  GENERAL HIPAA POLICIES

  • Format and Organization of the Emory University HIPAA Privacy Rule Policies   
  • HIPAA Administrative Structure Policy   
  • General Administrative Policies   
  • Implementation of and Modification to HIPAA Policies; Documentation; Document Retention
  • Cooperation with Government Officials in Compliance Reviews and Compliant Investigations   
  • Confidentiality of Protected Health Information (PHI); Permitted and Required Uses and Disclosure
  • Minimum Necessary Rule   
  • Business Associate Policy   
  • Disclosures by Whistleblowers and Workforce Member Crime Victims  
  • Sale of PHI    


SECTION B:  HIPAA POLICIES REGARDING INDIVIDUAL RIGHTS UNDER HIPAA    

  • Notice of Privacy Practices (NPP)   
  • Right to Request Restrictions on use or Disclosure of PHI   
  • Confidential Communications  
  • Individual Right to Access PHI 
  • Right of an Individual to Request that His/Her PHI be Amended  
  • Right of an Individual to receive an Accounting of Disclosures of PHI
  • Complaints by an Individual Concerning Privacy Rights, Responsibilities, Policies & Procedures   


SECTION C:  GENERAL HIPAA POLICIES REGARDING USES AND DISCLOSURES OF PHI    

  • HIPAA Policy Regarding Use and Disclosure of PHI for Treatment, Payment, and Healthcare Operations   
  • Uses and Disclosures of PHI that Require: (A) Authorization; (B) No Authorization, but Opportunity for the Individual to Agree or Object; and (C) No Authorization and No Opportunity to Agree or Object 
  • HIPAA Policy Regarding Personal Representatives
  • De-Identification of PHI
  • Limited Data Sets
  • Verification Requirements for Disclosures of PHI   


SECTION D:  HIPAA POLICIES REGARDING USES AND DISCLOSURES OF PHI FOR SPECIFIC PURPOSES   

  • Use and Disclosure of PHI to Individuals Involved in an Individual’s Care and for Notification Purposes
  • HIPAA Policy Regarding Use and Disclosure of PHI of Deceased Individuals and Special HIPAA Rules Regarding Coroners, Medical Examiners, Funeral Directors, Tissue/Cadaver Donation, and Research Using 
  • HIPAA Policy Regarding use and Disclosure of PHI for Marketing Purposes 
  • HIPAA Policy Regarding the use and Disclosure of PHI for Fundraising   
  • HIPAA Policy Regarding use and Disclosure of PHI for Facility Directories
  • HIPAA Policy Regarding use and Disclosure of PHI for Public Health Activities and Workplace Surveillance Related Activities, and Student Immunizations  
  • HIPAA Policy Regarding use and Disclosure of PHI in Connection with Reporting of Child Abuse; Abuse, Neglect or Domestic Violence Concerning Adults Who Are Not Elder Persons or Disabled Adults; and Abuse or Neglect of an Elder Person or Disabled Adult 
  • HIPAA Policy Regarding Disclosure and use of PHI for Health Oversight Activities
  • HIPAA Policy Regarding use and Disclosure of PHI to Avert a Serious Threat to Health or Safety   
  • HIPAA Policy Regarding use and Disclosure of PHI for Special Government Functions
  • HIPAA Policy Regarding use and Disclosure of PHI for Workers Compensation Purposes 
  • HIPAA Policy Regarding Disclosures of PHI for Judicial and Administrative Proceedings   
  • HIPAA Policy Regarding Disclosures of PHI for Law Enforcement Purposes 
  • HIPAA Policy Regarding the use and Disclosures of PHI for Research Purposes and the Role of the Institutional Review Board   
  • HIPAA Policy Regarding use and Disclosure of Psychotherapy Notes and Mental Health Information
  • Preparatory to Research Pathway for Accessing PHI   
  • Special Rule Regarding the Confidentiality of Raw Research Data  


SECTION E.  MISCELLANEOUS HIPAA POLICIES    

  • HIPAA Policies Regarding Emailing and Telefaxing PHI 
  • Breach Notification  
  • AIDS Confidential Information