Policy
The University of Arizona Privacy, Security and Breach Notification Policy 2013 (Link)
Procedures and Standards
- 100: Health Care Component Designation (PDF)
- 110: Authority and Responsibilities (PDF)
- 120: Requirements of Designated Health Care Components (PDF)
- 130: Breach of Protected Health Information (PDF)
- 140: Complaints and Investigations (PDF)
- 150: Training (PDF)
- 160: Notice of Privacy Practices (PDF)
- 170: Business Associate Agreements (PDF)
- 180: Limited Data Sets and Data Use Agreements (PDF)
- 190: Access of an Individual to Protected Health Information (PDF)
- 200: Individual's Right to Request an Accounting of Disclosures (PDF)
- 210: Individual's Right to Request Amendments (PDF)
- 220: When an Authorization is Required (Authorization Checklist) (PDF)
- 230: Documentation Retention and Destruction (PDF)
- 240: Minimum Necessary Standards for Uses and Disclosures (PDF)
- 250: Opportunity to Agree or Object Required for Certain Uses and Disclosures (PDF)
- 260: Permissible Uses and Disclosures (PDF)
- 270: Individual's Right to Request Restrictions & Confidential Communications (PDF)
Guidance
- Definitions of Key Words (PDF)
- PHI, Limited Data Set and De-Identified Data Reference Guide
- De-Identification of PHI (PDF)
- Human Subjects Research and HIPAA (PDF)
- Methods for Securely Emailing PHI or IIHI (PDF)