Information Protection

(IP.DP) Policies & Procedures

• California Consumer Privacy Act of 2018 (CCPA) and Data Breaches IP.DP.CA.001
• Breach of Personal Identifying Information under the Texas Identify Theft Enforcement and Protection Act IP.DP.TX.002
• Nevada - Notice Regarding Privacy of Personally Identifiable Information Collected on the Internet from Consumers IP.DP.NV.003
• Breach of Personal Information under Colorado’s Consumer Data Privacy Law IP.DP.CO.004
• Breach of Confidential Information under the Florida Information Protection Act of 2014 IP.DP.FL.005
• Breach of Personal Information under the Louisiana Database Security Breach Notification Law IP.DP.LA.006
• North Carolina Identity Theft Act: Breach of Personal and Identifying Information IP.DP.NC.007
• Tennessee – Breach of Personal Information under the Identity Theft Deterrence Law IP.DP.TN.008
• Breach of Personal Information under Georgia's Personal Identity Protection Act ID.DP.GA.009
• Virginia – Breach of Personal and/or Medical Information Notification IP.DP.VA.010
• South Carolina - Breach of Security of Business Data Containing Personal Identifying Information IP.DP.SC.011
• Missouri - Notice to Consumer for Breach of Security of Personal Information IP.DP.MO.012
• Kansas – Consumer Information and Security Breach Requirements IP.DP.KS.013
• Idaho – Breach of Security of Computerized Personal Information IP.DP.ID.014
• Utah – Protection of Personal Information Act IP.DP.UT.015
• Breach of Security of Computerized Unencrypted Personally Identifiable Information IP.DP.KY.016
• Indiana - Disclosure of Security Breaches and Notification Process IP.DP.IN.017
• New Hampshire - Notice of Security Breach IP.DP.NH.018
• Breach of Security Involving Personal Information IP.DP.AK.019

(IP.GEN) Policies & Procedures

• Shredding Bin Use and Protection IP.GEN.001
• Protecting and Mitigating Inappropriate or Unauthorized Access, Use and/or Disclosure of Personally Identifiable Information (PII) IP.GEN.002
• Confidentiality Statements IP.GEN.003
• Release of Company Data to External Entities IP.GEN.004
• Global Privacy Policy – General Data Protection Regulation IP.GEN.005
• Information Blocking Rule Compliance IP.GEN.006

(IP.PRI) Policies & Procedures

• Patient Privacy Program Requirements
  (formerly HIM.PRI.001) IP.PRI.001
• Privacy Official
  (formerly HIM.PRI.002) IP.PRI.002
• Minimum Necessary
  (formerly HIM.PRI.003) IP.PRI.003
• Patients' Right to Access
  (formerly HIM.PRI.004) IP.PRI.004
• Patients’ Right to Amend
  (formerly HIM.PRI.005) IP.PRI.005
• Patients' Rights to Request Privacy Restrictions
  (formerly HIM.PRI.006) IP.PRI.006
• Notice of Privacy Practices
  (formerly HIM.PRI.007) IP.PRI.007
• Patients' Right to Request Confidential Communication
  (formerly HIM.PRI.008) IP.PRI.008
• Accounting of Disclosures
  (formerly HIM.PRI.009) IP.PRI.009
• Authorization for Uses and Disclosures of Protected Health Information
  (formerly HIM.PRI.010) IP.PRI.010
• Protected Health Information Breach Risk Assessment and Notification
  (formerly HIM.PRI.011) IP.PRI.011
• Safeguarding Protected Health Information
  (formerly HIM.PRI.012) IP.PRI.012
• Mitigating Inappropriate or Unauthorized Access, Use and/or Disclosure of Protected Health Information
  (formerly HIM.PRI.013) IP.PRI.013

Facility Model Policies

• Community Clergy to Patient Listings Undr the HIPAA Standards Model Facility Policy
• Designated Record Set
• Determination, Uses and Disclosures of De-identified Information
• Fundraising Under the HIPAA Privacy Standards-HITECH
• Hybrid Entity
• Limited Data Set and Data Use Agreements
• Marketing Under the HIPAA Privacy Standards-HITECH
• Patient's Right to Opt Out of Being listed in Facility Directory
• Photographing, Video Monitoring-Recording, Audio Monitoring-Recording, and or Other Imaging Policy
• Privacy Complaint Process Policy
• Sanctions for Privacy and Information Security Violations Model Facility Policies
• Uses and Disclosures for which an Authorization or Opportunity to Agree or Object is Not Required Model Facility Policy
• Uses and Disclosures of Patient Health Info to Other Covered Entities and Health Care Providers Under the HIPAA Privacy Standard
• Uses and Disclosures of Protected Health Information for Involvement in the Patient's Care and Notification Purposes
• Uses and Disclosures Required by Law Policy
• Verification of External Requestors

(IP.PS) Policies & Procedures

• Theft and Violence in the Workplace
  (formerly IP.PS.006) IP.PS.002
• Active Shooter Hostile Event Response (ASHER)
  IP.PS.003
• Chain of Custody - Illegal Items/Substances
  IP.PS.004
• Infant Security Program
  IP.PS.005
• Pediatric Security Program
  IP.PS.007
• Search and Seizure
  IP.PS.008
• Use of Force
  IP.PS.009
• Forensic Patient Management
  IP.PS.010
• Conducted Energy Device (CED)
  IP.PS.011

(IP.SEC) Policies & Procedures

• Information - Program Requirements
  (formerly IP.PS.001) IP.SEC.001
• Information Security - Electronic Communications
  (formerly IS.SEC.002) IP.SEC.002
• Information Confidentiality and Security Agreements
  (formerly IS.SEC.005) IP.SEC.005
• Information Security - Roles and Responsibilities
  (formerly IS.SEC.006) IP.SEC.006
• Information Protection Program - Security Committees
  (formerly IS.SEC.007) IP.SEC.007
• Information Security - Information Security Agreement
  (formerly IS.SEC.008) IP.SEC.008
• Accountability for Risks Associated with Exceptions to the Information Security Standards
  (formerly IS.SEC.009) IP.SEC.009
• Information Security - Appropriate Access Conformance and Monitoring
  (formerly IS.SEC.021) IP.SEC.021