HIPAA Hints: Privacy Guidelines

The Washington University HIPAA Privacy Office has created HIPAA Hints to provide guidance for some of the most common privacy issues. Guidelines for emailing PHI: Encourage patients to use the patient portal for secure electronic communication with their provider. If email must be used to transmit PHI/PII outside of the secure WUSM/BJC/SLCH environment, the email […]

HIPAA Forms

Patient Communication Form; Email Authorization Form; Media Authorization Form; Medical Records Release Form; Request for Alternative Methods of Communication; Request for Restriction to Health Plan (Self-Pay); Request for Amendment of Protected Health Information Form; Request for Restrictions on Use or Disclosure of Protected Health Information Form; Washington University Business Associate Agreement; Request for Accounting of […]

HIPAA Privacy Information

Centered on your privacy: Washington University health care providers respect the confidentiality of our patients’ health information by observing the highest standards of ethics and integrity. Our Notice of Privacy Practices describes your rights under HIPAA and how Washington University may use and disclose your protected health information. If you have not reviewed our Notice of Privacy Practices. […]

HIPAA Privacy Training

Workforce members at the Medical School are also required to complete HIPAA 101, a set of online training modules that cover the HIPAA Privacy, Security and Breach Notification Rule. Classroom and online refresher training is also available.  Refresher courses include topics such as: HIPAA 101:  Privacy Matters – Protecting Patient Privacy through Data Security Encryption […]

HIPAA Patient Forms and Rights

HIPAA provides patients with several rights, all described in our Notice of Privacy Practices. The HIPAA Privacy Office works with our clinical departments, physicians, and Health Information Release Services to facilitate requests related to your rights under HIPAA. These rights include: The right to request a copy of your medical records from Washington University Physicians for yourself or […]

HIPAA Health and Patient Information Policies

Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rule. These policies and procedures are designed to help our workforce understand the requirements for the appropriate […]

Roles and Responsibilities Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objective: This policy and […]

Data Classification

The identification of information processed on a system is essential to the proper selection of security controls and ensuring the confidentiality, integrity, and availability of the system and its data. Knowing the classification provides you with the guidance for storing, processing, transferring, and sharing the data. Protected HIPAA (Health Insurance Portability and Accountability Act) – […]

Secure Storage and Communication Services

Before using external websites or cloud services to store, create or transmit WashU confidential or Protected information, the following reviews are needed. Contact the data owner to verify data classification. Please request an Information Security Risk review. Storage of ePHI may require a signed Business Associates Agreement (BAA). Please work with the HIPAA Privacy Office […]

Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice serves as a joint notice for Barnes-Jewish Hospital, St. Louis Children’s Hospital and Washington University School of Medicine (collectively referred to herein as “we” or […]

Vulnerability Assessment

The scanner is capable of meeting all the requirements outlined for RA-5 priorities low, medium, high. The appliance performs assessments against system security policies and identifies vulnerabilities with CVE scoring. It has customizable templates that measure compliance with SOX, PCI DSS, HIPAA, ISO 27002, FISMA, and FDCC (Federal Desktop Core Configuration) baseline. It supports content […]

Information Security FAQ

Are there policies concerning remotely accessing my desktop? The policies state that you must use a secure method to connect to the network; Citrix or VPN clients are currently the approved methods of access. Please check with your local IT support on the department-approved method of connecting. Can I use Google Apps to store […]

Computer Use Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objectives: This policy and associated […]

Electronic Messaging Security Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objective: The policy and associated […]

Information Classification Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objective: The policy and associated […]

Information Security Risk Management Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objective: The policy and […]

Media Reuse and Disposal Policy

Statement of Policy: Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use. Objective: The policy and associated […]

Documents

Document /ˈdä-kyə-mənt/ noun a computer file containing information input by a computer user and usually created with an application (such as a spreadsheet or word processor) In the course of a year, WashU students, faculty and staff create millions of electronic documents related to the academic, research, clinical and/or administrative work done at the university. Not all of […]

Phishing

phish∙ing /’fiSHiNG/ noun the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers Phishing is an illegal way that criminals gather private information for the purposes of sending spam, sending phishing e-mails, logging onto university systems and […]