Policies & Procedures

Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rules.

These policies and procedures are designed to help our workforce understand the requirements for the appropriate use and disclosure of protected health information (PHI), patient rights, and breach notification.

Patient Rights

The HIPAA Patient Rights Policies include the WashU policies for:

• Right of Access to PHI-WUSM (NEW) Policy | Form
• Right of Access to PHI-WUPI (NEW) Policy | Form
• Amendment of Protected Health Information-WUSM (NEW) Policy | Form
• Amendment of Protected Health Information-WUPI (NEW) Policy |Form
• Requests for Restrictions on Use and Disclosure of PHI Policy | Procedure | Form
• Request for Confidential Communications Policy | Procedure | Form
• Accounting for Disclosures of PHI-WUSM (NEW) Policy | Form
• Accounting for Disclosures of PHI-WUPI (NEW) Policy | Form
• Notice of Privacy Practice Policy | Procedure
• Appropriate Methods of Communicating PHI Policy | Procedure
• Breach Notification Policy

Use and Disclosure of PHI

The Policies for the Use and Disclosure of Protected Health Information include the WashU policies for:

• Authorization Required for Use and Disclosure of PHI-WUSM Policy | Procedure | Form
• Authorization Required for Use and Disclosure of PHI-WUPI Policy | Procedure | Form
• Business Associates (NEW) Policy 
• Use or Disclosure of PHI in Marketing Policy | Procedure
• Use or Disclosure of PHI in Media Relations Policy | Procedure | Form
• Use or Disclosure of PHI in Fundraising Policy | Procedure
• Use or Disclosure of PHI in Research Policy | Procedure
• Use or Disclosures of PHI without Verbal or Written Authorization of the Patient Policy | Procedure
• Use or Disclosure of Psychotherapy Notes Policy | Procedure
• Minimum Necessary Request, Use or Disclosure of PHI Policy | Procedure
• Restrictions on Use or Disclosure of PHI Policy | Procedure | Form
• Security Measures Required to Comply with Privacy Policy
• Verbal/Inferred Agreement to Use or Disclose PHI Policy | Procedure
• Photography/Videography for Clinical, Research & Teaching Purposes Policy
• Sanctions for Non-compliance with HIPAA Policies Policy
• Engagement of Visitors or Shadowing Non-Professionals Policy
• Scope of HIPAA Compliance (NEW) Policy
• Designation of HIPAA Privacy Officer (NEW) Policy
• WU HIPAA Organizational Structure (NEW) Policy
• Privacy Complaints (NEW) Policy

Office of Information Security

Policies, Standards, and Guidelines can be found here.