Policy

The University of Arizona Privacy, Security and Breach Notification Policy 2013 (Link)

Procedures and Standards

• 100: Health Care Component Designation (PDF)
• 110: Authority and Responsibilities (PDF)
• 120: Requirements of Designated Health Care Components (PDF)
• 130: Breach of Protected Health Information (PDF)
• 140: Complaints and Investigations (PDF)
• 150: Training (PDF)
• 160: Notice of Privacy Practices (PDF)
• 170: Business Associate Agreements (PDF)
• 180: Limited Data Sets and Data Use Agreements (PDF)
• 190: Access of an Individual to Protected Health Information (PDF)
• 200: Individual's Right to Request an Accounting of Disclosures (PDF)
• 210: Individual's Right to Request Amendments (PDF)
• 220: When an Authorization is Required (Authorization Checklist) (PDF)
• 230: Documentation Retention and Destruction (PDF)
• 240: Minimum Necessary Standards for Uses and Disclosures (PDF)
• 250: Opportunity to Agree or Object Required for Certain Uses and Disclosures (PDF)
• 260: Permissible Uses and Disclosures (PDF)
• 270: Individual's Right to Request Restrictions & Confidential Communications (PDF)

Guidance

• Definitions of Key Words (PDF)
• PHI, Limited Data Set and De-Identified Data Reference Guide
• De-Identification of PHI (PDF)
• Human Subjects Research and HIPAA (PDF)
• Methods for Securely Emailing PHI or IIHI (PDF)