Policies & Procedures

There are two Board of Regents Policies applicable to health information compliance. They are high level policies that provide overall direction to the University about handling individual health information.

Protection of Individual Health Information

Employee Health Benefits

The Health Information Privacy & Compliance Office is responsible for policies that build on the direction provided by the Board of Regents Policies.

Protected Health Information

E-Mail and Protected Health Information

These policies and procedures apply to all Clinical Operations Units at the University.

Clinical Operations Notice of Privacy Practices

Clinical Operations Accounting of Disclosures

Clinical Operations and Health Plans Third Party Requests for Information

Information Technology Policies categorize data into security classifications and specify how data in each classification is to be handled.  Protected Health Information is classified at the highest level of data and requires the highest level of security.

Data Security Classification

Acceptable Use of Information Technology Resources

Information Security Risk Management

Information Security

Reporting and Notifying Individuals of Security Breaches