Policies & Procedures

Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rules.

These policies and procedures are designed to help our workforce understand the requirements for the appropriate use and disclosure of protected health information (PHI), patient rights, and breach notification.

Patient Rights

The HIPAA Patient Rights Policies include the WashU policies for:

Use and Disclosure of PHI

The Policies for the Use and Disclosure of Protected Health Information include the WashU policies for:

  • Authorization Required for Use and Disclosure of PHI-WUSM Policy | Procedure | Form
  • Authorization Required for Use and Disclosure of PHI-WUPI Policy | Procedure | Form
  • Use and Disclosure of PHI with Business Associates Policy | Procedure | Form 
  • Use or Disclosure of PHI in Marketing Policy | Procedure
  • Use or Disclosure of PHI in Media Relations Policy | Procedure | Form
  • Use or Disclosure of PHI in Fundraising Policy | Procedure
  • Use or Disclosure of PHI in Research Policy | Procedure
  • Use or Disclosures of PHI without Verbal or Written Authorization of the Patient Policy | Procedure
  • Use or Disclosure of Psychotherapy Notes Policy | Procedure
  • Minimum Necessary Request, Use or Disclosure of PHI Policy | Procedure
  • Restrictions on Use or Disclosure of PHI Policy | Procedure | Form
  • Security Measures Required to Comply with Privacy Policy
  • Verbal/Inferred Agreement to Use or Disclose PHI Policy | Procedure
  • Photography/Videography for Clinical, Research & Teaching Purposes Policy
  • Sanctions for Non-compliance with HIPAA Policies Policy
  • Engagement of Visitors or Shadowing Non-Professionals Policy
  • Accountability for Compliance with HIPAA Privacy Rules Policy | Procedure