Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rules.

These policies and procedures are designed to help our workforce understand the requirements for the appropriate use and disclosure of protected health information (PHI), patient rights, and breach notification.

Patient Rights

The HIPAA Patient Rights Policies include the WashU policies for:

  • Right of Access to PHI-WUSM (NEW) Policy | Form
  • Right of Access to PHI-WUPI (NEW) Policy | Form
  • Amendment of Protected Health Information-WUSM (NEW) Policy | Form
  • Amendment of Protected Health Information-WUPI (NEW) Policy |Form
  • Request for Confidential Communications Policy | Procedure | Form
  • Accounting for Disclosures of PHI-WUSM (NEW) Policy | Form
  • Accounting for Disclosures of PHI-WUPI (NEW) Policy | Form
  • Notice of Privacy Practices (NEW) Policy 
  • Appropriate Methods of Communicating PHI Policy | Procedure
  • Breach Notification Policy
  • Restrictions on Use or Disclosure of PHI (NEW) Policy | Form

Use and Disclosure of PHI

The Policies for the Use and Disclosure of Protected Health Information include the WashU policies for:

  • Authorization Required for Use and Disclosure of PHI-WUSM Policy | Procedure | Form
  • Authorization Required for Use and Disclosure of PHI-WUPI Policy | Procedure | Form
  • Business Associates (NEW) Policy 
  • Use or Disclosure of PHI in Marketing (NEW) Policy 
  • Use or Disclosure of PHI in Media Relations (NEW) Policy | Form
  • Use or Disclosure of PHI in Fundraising Policy | Procedure
  • Use or Disclosure of PHI in Research (NEW) Policy 
  • Use or Disclosures of PHI Not Requiring Authorization (NEW) Policy 
  • Minimum Necessary Request, Use or Disclosure of PHI (NEW) Policy 
  • Security Measures Required to Comply with Privacy Policy
  • Photography/Videography for Clinical, Research & Teaching Purposes Policy
  • Sanctions for Non-compliance with HIPAA Policies Policy
  • Engagement of Visitors or Shadowing Non-Professionals Policy
  • Scope of HIPAA Compliance (NEW) Policy
  • Designation of HIPAA Privacy Officer (NEW) Policy
  • WU HIPAA Organizational Structure (NEW) Policy
  • Privacy Complaints (NEW) Policy
  • HIPAA Privacy and Information Security Training of Workforce Members (NEW) Policy
  • HIPAA Privacy Incident Reporting (NEW) Policy

Office of Information Security

Policies, Standards, and Guidelines can be found here.