As of December 15, 2014

Privacy and Security (Administration, Physical and Technical) Policies
Policies are listed in Alphabetical Order regardless of Number.


A. Privacy

Business Associates PRI102 (U08/31/09)
Fundraising and Protected Health Information PRI114 (U08/31/09)
      Form-  No Further Development Communication Form

Minimum Necessary Disclosures of PHI PRI110 (U08/31/09)
     FormRoutine and Recurring Disclosure of PHI Not Related to Treatment (R05/15)

     Form - Non-Treatment Related Disclosure of Entire Medical Records (Rev05/15)

Minimum Necessary Requests for PHI PRI111 (U08/31/09)
     FormNon Treatment Related Request of Medical Records (R09/09)

     Form: Routine and Recurring Requests of PHI Not Related to Treatment (Rev05/15)

Minimum Necessary Uses of PHI PRI109 (U08/31/09)
     FormRole Based Minimum Necessary PHI for Treatment Rev 05/15

     Form: Role Base Minimum Necessary Uses of PHI for Operations (Rev 05/15)

   Form - Role Based Minimum Necesary Uses of PHI for Payment (Rev 05/15)

Notice of Privacy Practices PRI100 (U08/31/09)
      Form - Notice of Privacy Practices for Patients (Rev03/13/13)

Patient Privacy and Marketing PRI113 (U08/31/09)
     FormRecord of Individual No Further Marketing Communication R0909

Patient Privacy Rights PRI103 (U08/31/09)

Patient Requests for Access to Health Information for Inspection and/or Copying PRI106 (U08/31/09)
     FormAcceptance of Request for Access to PHI R09/09
     FormRequest for Access to PHI R09/09

     Form- Denial of Request for Access to PHI (Rev05/15)

Patient Requests for Confidential Communications PRI105 (U08/31/09)
     FormEmail Permission Form N1-12
     FormRequest for Confidential Communication R09/09

Patient Requests for Restrictions on the Use and Disclosure of PHI  PRI104 (U08/31/09)
     FormRequest for Restrictions R09/09

Patient Requests to Amend Health Care Information PRI107 (U08/31/09)
     FormAcceptance to Request to Amend PHI R09/09

      Form-Denial of Request to Amend PHI (Rev 05/15)

Privacy of the Heath Information of Deceased Patients PRI115 (U08/31/09)

Privacy Training for Staff and Volunteers PRI116 (U08/31/09)

Requests for an Accounting of Disclosures of Health Care Information PRI108 (U08/31/09)

Sanctions for Privacy Violations PRI112 (U08/31/09)

Use of Authorizations PRI101 (U08/31/09)
     FormPatient Authorization Form (R08/08)
    FormRevocation of Authorization (R09/09)

B. Security

     1. Administrative

Business Associates SEC200 (U08/10)
Evaluation SEC201 (U08/10)
Information Access Management SEC 202 (U08/10)
Information System Activity Review SEC 207 (U08/10)
Password Management SEC 204 (R12/14)
Protection from Malicious Software SEC205(U11/10)
Risk Analysis SEC208 (U08/10)
Risk Management SEC209 (U08/10)
Sanction Policy SEC 210 (U11/10)
Security Awareness and Training SEC203 (U08/10)
Security Incidents SEC 206 (U08/10)

      Form: Risk Assessment Worksheet (Rev 06/15)

     Form: Security Incident Report (Rev 02/13)

     Form: Security Incident Report Log (Rev 06/15)

Workforce Security SEC 211 (U08/10)

    Form: Termination of Computer Access Checklist (Rev 08/10)

     2. Physical

Device and Media Control SEC212  (U11/10)
Facility Access Controls SEC 213 (U08/10)
Workstation Use and Workstation Security SEC214  (U11/10)

    3. Technical

Integrity of Electronic Protected Health Information  SEC216 (U11/10)
Person or Entity Authentication SEC 217 (U11/10)
Technical Access Control SEC215 (U11/10)
Transmission Security SEC218 (U11/10)