Skip to main content
Sign In

University of Colorado Denver

Heath Insurance Portability and Accountability Act

Policies and Forms

Health Insurance Portability and Accountability Act

Chapter 1 Use and Disclosure of Protected Health Information

1.1 General Rule:  Uses and Disclosures of Information 1.1 General Uses and Disclosures.pdf1.1 General Uses and Disclosures.pdf
1.2 De-identification of Information 1.2 De-identification of Information.pdf1.2 De-identification of Information.pdf
1.3 Minimum Necessary 1.3 Minimum Necessary.pdf1.3 Minimum Necessary.pdf
1.4 Data Gathered Prior to April 14, 2003 1.4 Data Gathered Prior to 4-14-03.pdf1.4 Data Gathered Prior to 4-14-03.pdf
1.5 Sanctions Applicable to Workforce for Violation of Policies 1.5 Workforce Sanctions.pdf1.5 Workforce Sanctions.pdf
1.6 Verification of Individuals 1.6 Verification of Individuals.pdf1.6 Verification of Individuals.pdf
1.7 Retention of Records 1.7 Record Retention.pdf1.7 Record Retention.pdf

Chapter 2 Notice of Privacy Practices

2.1 Notice of Privacy Practices Policy 2.1 Notice of Privacy Practices Policy.pdf2.1 Notice of Privacy Practices Policy.pdf
2.2 Notice of Privacy Practices Document   2.2 UCD - AMC NPP 9-2013.pdf2.2 UCD - AMC NPP 9-2013.pdf
2.3 Notice of Privacy Practices Acknowledgment Form 2.3 Acknowledgement of Receipt of NPP.pdf2.3 Acknowledgement of Receipt of NPP.pdf

Chapter 3 Authorization

3.1 Valid Authorization 3.1 Valid Authorization.pdf3.1 Valid Authorization.pdf
3.2 When No Authorization is Required to Use or Disclose PHI 3.2 No Auth required.pdf3.2 No Auth required.pdf
3.3 Authorization Required to Use or Disclose PHI contained in Psychotherapy Notes 3.3 Authorization for Psychotherapy Notes.pdf
3.4 Conditioning Receipt of Services on Providing Authorization 3.4 Conditioning Receipt of Services on Providing Authorization.pdf3.4 Conditioning Receipt of Services on Providing Authorization.pdf
3.5 Revoking Authorization 3.5 Revoking Authorization.pdf3.5 Revoking Authorization.pdf
3.6 Authorization Forms​ provided by Colorado Multiple Institutional Review Board​
3.7 Authorization for Public Relations Purposes Authorization for Photo.pdfAuthorization for Photo.pdf

Chapter 4 Uses and Disclosures Without the Need for an Authorization

4.1 Research Purposes (under construction)
4.2 Required by Law (under construction)
4.3 Permitted Disclosures: Opportunity to Agree or Object 4.3 Opportunity to Agree or Object.pdf4.3 Opportunity to Agree or Object.pdf
4.4 Deceased Research Certification Form 4.4 Decedent Research Form.doc4.4 Decedent Research Form.doc
4.5 Limited Data Sets 4.5 Limited Data Sets.pdf4.5 Limited Data Sets.pdf
4.6 Pre-Research Certification Form  Pre-Research Certification Form 10-13.docPre-Research Certification Form 10-13.doc

Chapter 5 Marketing and Fundraising

5.1 Marketing 5.1 Marketing.pdf5.1 Marketing.pdf
5.2 Fundraising 5.2 Fundraising.pdf5.2 Fundraising.pdf

Chapter 6 Individual Rights

6.1 Right to Request Restrictions 6.1 Right to Request Restrictions.pdf6.1 Right to Request Restrictions.pdf
6.2 Right to Request Confidential Communications 6.2 Right to Request Confidential Communications.pdf6.2 Right to Request Confidential Communications.pdf
6.3 [DELETED] 
6.4 Right to Access and Copy 6.4 Right to Access and Copy.pdf6.4 Right to Access and Copy.pdf
6.5 Right to an Accounting - Disclosure Tracking Mechanisms
6.5 [DELETED]    
6.6 No Waiver of Rights 6.6 No Waiver of Rights.pdf6.6 No Waiver of Rights.pdf
6.7 Process for Complaints 6.7 Process for Complaints.pdf6.7 Process for Complaints.pdf

Chapter 7 Institutional Requirements

7.1 Safeguards 7.1 Safeguards.pdf7.1 Safeguards.pdf
7.2 Training 7.2 Training.pdf7.2 Training.pdf

Chapter 8 Contracts

8.1 Business Associates Privacy Practices 8.1 Privacy Practices re Business Associates.pdf8.1 Privacy Practices re Business Associates.pdf
8.3 Business Associates Contract Template UCD BAA-HITECH Template FINAL 5-2013 (3).docxUCD BAA-HITECH Template FINAL 5-2013 (3).docx

8.4 Data Use Agreement Summary Sheet Template DUA checklist final.docDUA Summary Sheet
8.5 Data Use Agreement Template - Switched Role of University DUA Template - switched role of University - updated name.docDUA Template - switched role of University - updated name.doc

Chapter 9 Security

9.1 Security Management 9.1 Security Management.pdf9.1 Security Management.pdf
9.2 Security Incidents 9.2 Security Incidents.pdf9.2 Security Incidents.pdf 
9.3 Auditing 9.3 Auditing.pdf9.3 Auditing.pdf
9.4 Workforce Security 9.4 Workforce Security.pdf9.4 Workforce Security.pdf
9.5 Facility and Device Security 9.5 Facility and Device Security.pdf9.5 Facility and Device Security.pdf
9.6 Transmission Security 9.6 Transmission Security.pdf9.6 Transmission Security.pdf
9.7 Contingency Planning 9.7 Contingency Planning.pdf9.7 Contingency Planning.pdf
9.8 Data Integrity 9.8 Data Integrity.pdf9.8 Data Integrity.pdf
9.9 Person or Entity Authentication 9.9 Person or Entity Authentication.pdf9.9 Person or Entity Authentication.pdf
9.10 Device and Media Controls 9.10 Device and Media Controls.pdf9.10 Device and Media Controls.pdf
9.11 Portable Media Security 9.11 Portable Media Security.pdf9.11 Portable Media Security.pdf
9.12 Secure E-Mail Transmission 9.12 Secure E-Mail Transmission.pdf9.12 Secure E-Mail Transmission.pdf
9.13 Security of ePHI on Home Computers 9.13 Security of E-PHI on Home computers.pdf9.13 Security of E-PHI on Home computers.pdf

Chapter 10 Report a Breach

10.1 HIPAA Privacy Incident Notice
10.2 Complaint Notification Form

© The Regents of the University of Colorado, a body corporate. All rights reserved.

Accredited by the Higher Learning Commission. All trademarks are registered property of the University. Used by permission only.