The University of Arizona

HIPAA Policy, Procedure & Guidance

Policy

The University of Arizona Privacy, Security and Breach Notification Policy 2013 (Link)

Procedures and Standards

  • 100: Health Care Component Designation (PDF)
  • 110: Authority and Responsibilities (PDF)
  • 120: Requirements of Designated Health Care Components (PDF)
  • 130: Breach of Protected Health Information (PDF)
  • 140: Complaints and Investigations (PDF)
  • 150: Training (PDF)
  • 160: Notice of Privacy Practices (PDF)
  • 170: Business Associate Agreements (PDF)
  • 180: Limited Data Sets and Data Use Agreements (PDF)
  • 190: Access of an Individual to Protected Health Information (PDF)
  • 200: Individual's Right to Request an Accounting of Disclosures (PDF)
  • 210: Individual's Right to Request Amendments (PDF)
  • 220: When an Authorization is Required (Authorization Checklist) (PDF)
  • 230: Documentation Retention and Destruction (PDF)
  • 240: Minimum Necessary Standards for Uses and Disclosures (PDF)
  • 250: Opportunity to Agree or Object Required for Certain Uses and Disclosures (PDF)
  • 260: Permissible Uses and Disclosures (PDF)
  • 270: Individual's Right to Request Restrictions & Confidential Communications (PDF)

Guidance