College of Medicine

Privacy Policy & Procedure Manual

Operational Guidelines for Health Information

Complete Text, Including Table of Contents
*Does not include forms.*

Policy Name

Last Revised

1.

Relationship of University of Florida Components and Entities Explained

2.

Maintaining Confidentiality of Health Information
  Confidentiality Statement  Form

3.

De-Identification of Protected Health Information

4.

Reporting, Investigating, & Responding to Privacy Violations
   - The Investigation Process
   - Notification of Individuals
   - Disclosures By Whistleblowers
   - Incidental, Accidental, and Intentional Disclosures

Incident Report - Protected Health Information  Form
   Fillable Form
Incident Report - Personal Identification Information  Form
   Fillable Form
Recommended Sanctions - Staff
Recommended Sanctions - Students
Reporting and Investigation Flowchart - PHI

5.

Health Information and Record Management Policy
(See next section for Retention & Storage Guidlines)
   - Using and Disclosing Health Information
   - Management of Active Records
   - Storage and Security of Active Records
   - Removing Records from Patient Care Areas
   - Duplicating / Photocopying Records
   - Recovery of Lost and/or Damaged Paper Records

Designated Record Set Matrix

6.

Retention, Archiving, & Disposal of Patient Information
   - Retention of Records
   - Storing Inactive Records
   - Disposal and Destruction of Records

Record Inventory Log  Form
Record Destruction Log Form
UF Records Disposition Request Form

 7.   Patient's Rights

7a

Notice of Privacy Practices
Notice of Privacy Practices (English) (Español)
Acknowledgment of Receipt of NPP (English) (Español)

7b

Access to Records
Authorization to Use and Disclose PHI (Form)

7c

Restrictions of Uses and Disclosures
Request for Special Privacy Protections(Form)

7d

More Confidential Communications
Request for Special Privacy Protections (Form)

7e

Amendment or Correction of Records
Request for Amendment of a Medical Record (Form)
Response to Request for Amendment (Form)

 8.  Uses and Disclosures of PHI

8a

General Rules
- What is PHI?
- Permitted Uses and Disclosures
- Purchasing, Developing, Upgrading, or Enhancing Products
  or Systems That Use PHI
- Responding to Agencies Claiming Exemption from HIPAA
- Responding to Media Requests for Patient Information

8b

Marketing and Fundraising
- Attestation of Compliance (Fillable Form)

8c

Subpoenas, Court Orders, and Attorney Requests
- Records for Depositions
- UF Gainesville - Processing Requests for Records
- UF Jacksonville - Requests for Records
- Requests for Super-Confidential Records (Mental Health,
  Substance Abuse, STD's/HIV/AIDS)

8d

Treatment, Payment, Operations

8e

Family Members and Friends

8f

Research

9.

Authorizations to Use or Disclose PHI
Authorization to Use or Disclose PHI Form
Authorization to Use or Disclose PHI via Electronic Communications Form
  Alert for Electronic Communication Form
Authorization to Use or Disclose PHI for Marketing, Fundraising, or Public Relations Form

10.

Accounting for Disclosures
Request for Accounting of Disclosures (Form)

11.

Verification of Identity and Authority

12.

Minimum Necessary Rule
Includes the Minimum Necessary Decision Tree and
Examples of Routine and Non-Routine Disclosures

13.

Complaints
Privacy Complaint Form(Form)

 14.  Security of E-PHI (Electronic Protected Health Information)

14a

Security: General Privacy Safeguards

14b

Security of Personal Portable Data Devices
Including PDA's, dictation equipment, laptop or notebook computers, blackberry devices, cell phones, camera phones, digital cameras, video recorders, and similar devices

14c

Electronic Databases

14d

Electronic Mail

14e

Video-conferences and Audio-conferences

 15.  Security of Other PHI

15a

Verbal and Telephone Communications
 - Use of Interpreters
 - Use of Telephone Devices for Hearing Impaired

15b

Faxing
Sample Fax Cover Sheet - Form

16.

Education and Training
 - Level 1: General Awareness
 - Level 2: Policies & Procedures
 - Level 3: Role-Specific

17.

Volunteering and Shadowing
(Moved from Privacy Management 6/1/09)
Visit the web page here.

 Volunteer Form (Print & complete)
Volunteer Form (Complete online)

 Request to Observe Patient Care (Print & complete)
Request to Observe Patient Care (Complete online)
   Group Observation Roster (Print & complete)
Group Observation Roster (Complete Online)

18.

Student Data Access
(Moved from Privacy Management 6/1/09)
Visit the web page here.

 Student Data Access Application (Print & complete)
Student Data Access Application (Complete online)
   Student Date Access Chart