Administrative and Business Practices
HIPAA Privacy Rule: Policies, Forms and Other Resources
Federal regulations, known as the Health Insurance Portability and Accountability Act (HIPAA) privacy law, generally prohibit the use and disclosure of health information without written permission from the patient. The following policies were developed to assist USC faculty and staff in complying with these regulations. Questions about these policies should be directed to the USC Office of Compliance at (213) 740-8258 or firstname.lastname@example.org.
- GEN-101 Education of Covered Workforce
Describes those individuals who are considered to be part of USC's covered workforce under the HIPAA Privacy Rule and who must complete USC's HIPAA Education program.
- GEN-102 When to Obtain Patient Authorizations to Use and Disclose Protected Health Information
Defines the elements of a valid HIPAA authorization and describes those circumstances when it is necessary to obtain an authorization from patients before using their identifiable health information.
- GEN-103 Public Policy Disclosures That Do Not Require Patient Authorization
Describes those circumstances wherefor public policy reasonsan authorization is not required prior to release of identifiable health information, e.g., subpoenas, public health activities, government oversight agencies, law enforcement, child and elder abuse.
- GEN-104 Limiting Uses and Disclosure of Protected Health Information to the Minimum Necessary
Describes the requirement that individuals only use and release the minimum amount of health information necessary to perform a particular task and to mitigate incidental disclosures.
- GEN-105 Disclosures of De-Identified Information
Describes the identifiers that must be removed in order for the health information to meet the criteria for de-identification under the HIPAA privacy rule.
- Senior Vice President memorandum, dated February 19, 2003, to university community regarding compliance with HIPAA privacy rule.
- Authorization Form [generic template]
USC has developed specific template authorizations for uses/disclosures of health information for (1) research; (2), fundraising; (3) marketing and (4) special privacy considerations. Those specific authorization forms can be found below. This authorization form should be used and tailored for other uses and disclosures for which no other specific template document exists. See USC Policy GEN-102 for further information regarding use of the authorization.
- USC and DHS agreement to coordinate education efforts
Explains the terms under which USC and Department of Health Services will accept the HIPAA education certification of the other institution.
Clinical Practices (200)
Non-Clinical Health Education (500)
- Uses and Disclosures of Protected Health Information for Non-Clinical Health Education and Instruction (PENDING)
Patients Rights (600)
Business Associates (700)
Office of Compliance