The Washington University HIPAA Privacy Office works with all members of our workforce including faculty, staff, and students to help them understand their responsibilities to protect the confidentiality of our patients’ health information.


Policies & Procedures

These policies and procedures outline the appropriate use and disclosure of protected health information (PHI), patient rights, and breach notification at Washington University.

View all policies and procedures »

Business Associate Agreement (BAA)

All companies and individuals doing business with Washington University in St. Louis who may come in contact with protected health information must have a BAA on file with the HIPAA Privacy Office.

Learn more about BAAs and download »

HIPAA Privacy Forms

Download patient request forms and confidentiality agreements, media consent authorizations, and business associates agreements.

View all forms »

Medical Records Requests

Patients who would like to request a copy of their medical records can do so by following the instructions on the Washington University Physicians website.

Request medical records »

Incident Reporting

Any incident involving the impermissible use or disclosure of Protected Health Information (PHI) must be reported to the HIPAA Privacy Office upon discovery.