HIPAA Privacy Policies and Procedures

Washington University expects all workforce members who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rule. These policies and procedures are designed to help our workforce understand the requirements for the appropriate use and disclosure of protected health information, patient rights, and breach notification.

The HIPAA Patient Rights Policies include the WU policies for:

  • Individual’s Access to Protected Health Information
  • Amendment of PHI
  • Requests for Restrictions on Use and Disclosure of PHI
  • Request for Confidential Communications
  • Requests for Accounting of Disclosures


The Policies for the Use and Disclosure of Protected Health Information
include the WU policies for:

  • Authorizations Required for Use and Disclosure of PHI
  • Use and Disclosure of PHI with Business Associates
  • Use or Disclosure of PHI in Marketing, Fundraising, and Media Relations
  • Use or Disclosures of PHI without Verbal or Written Authorization of the Patient
  • Use or Disclosure of Psychotherapy Notes
  • Use or Disclosure of PHI in Research