Policies & Procedures

Privacy Practices for Sponsored Health Plans

This notice applies to health plans sponsored by the University of Minnesota, including UPlan Medical; UPlan Pharmacy; UPlan Dental; HealthCare Flexible Spending Accounts; the Emergency Medical Assistance Program; the Wellness Program; and the Employee Assistance Program.

Notice of privacy practices

This Notice describes your rights concerning your protected health information and how the Group Health Plan may use and disclose that information.

HIPAA Authorizations

A HIPAA authorization allows a covered entity or business associate to obtain consent from a patient, research participant, or enrollee of a health insurance plan to use or disclose PHI for a purpose that would otherwise be allowed by the HIPAA Privacy Rule. View/Download General HIPAA Authorizations

If you will be using individually identifiable health information during the course of your research, you must use the University's HIPAA Authorization Form. The University updated its HIPAA Authorization Form for Research in 2017. The updated HIPAA Authorization Form was approved by HIPCO, the IRB, and the Office of General Counsel. Instructions for how to complete the HIPAA Authorization Form are included at the end of the form.

Expand all

Board of Regents

There are two Board of Regents Policies applicable to health information compliance. They are high level policies that provide overall direction to the University about handling individual health information.

Protection of Individual Health Information

Employee Health Benefits

Health Information & Privacy Compliance

The Health Information Privacy & Compliance Office is responsible for policies that build on the direction provided by the Board of Regents Policies.

Protected Health Information

E-Mail and Protected Health Information

Clinical Operations Units

These policies and procedures apply to all Clinical Operations Units at the University.

Clinical Operations Notice of Privacy Practices

Clinical Operations Accounting of Disclosures

Clinical Operations and Health Plans Third Party Requests for Information

Information Technology

Information Technology Policies categorize data into security classifications and specify how data in each classification is to be handled. Protected Health Information is classified at the highest level of data and requires the highest level of security.

Data Security Classification

Acceptable Use of Information Technology Resources

Information Security Risk Management

Information Security

Reporting and Notifying Individuals of Security Breaches

+ Board of Regents

+ Health Information & Privacy Compliance

+ Clinical Operations Units

+ Information Technology

Board of Regents

Health Information & Privacy Compliance

Clinical Operations Units

Information Technology