Health and Patient Information Policies

Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rule. These policies and procedures are designed to help our workforce understand the requirements for the appropriate use and disclosure of protected health information, patient rights, and breach notification.

The HIPAA Patient Rights Policies include the WashU policies for:

  • Individual’s Access to Protected Health Information
  • Amendment of PHI
  • Requests for Restrictions on Use and Disclosure of PHI
  • Request for Confidential Communications
  • Requests for Accounting of Disclosures

The Policies for the Use and Disclosure of Protected Health Information include the WashU policies for:

  • Authorizations Required for Use and Disclosure of PHI
  • Use and Disclosure of PHI with Business Associates
  • Use or Disclosure of PHI in Marketing, Fundraising, and Media Relations
  • Use or Disclosures of PHI without Verbal or Written Authorization of the Patient
  • Use or Disclosure of Psychotherapy Notes
  • Use or Disclosure of PHI in Research