HIPAA Privacy Rule: Forms and Other Resources

Federal regulations, known as the Health Insurance Portability and Accountability Act (HIPAA) privacy law, generally prohibit the use and disclosure of health information without written permission from the patient.  The policies located on https://policy.usc.edu/admin/ were developed to assist USC faculty and staff in complying with these regulations.  Questions about these policies should be directed to the USC Office of Ethics and Compliance at (213) 740-8258 or compliance@usc.edu.  Also, see Cooperation with Compliance Investigations policy.

 

General (100) Senior Vice President memorandum Dated February 19, 2003, to university community regarding compliance with HIPAA privacy rule.
Authorization Form [generic template] USC has developed specific template authorizations for uses/disclosures of health information for (1) research; (2), fundraising; (3) marketing and (4) special privacy considerations.  Those specific authorization forms can be found below.  This authorization form should be used and tailored for other uses and disclosures for which no other specific template document exists.  See USC Policy GEN-102 for further information regarding use of the authorization.
USC and DHS agreement to coordinate education efforts Explains the terms under which USC and Department of Health Services will accept the HIPAA education certification of the other institution.
Clinical Practices (200) Notice of Privacy Practices

Must be provided to patient no later than first clinical encounter; must be posted in conspicuous location at each clinical site
*See USC Policy CLIN-200 for further information regarding use of the Notice of Privacy Practices.
Research (300) Instructions for completing HIPAA authorization form See USC HIPAA Policy RES-301 for further information about using these forms.
HIPAA Research Authorization

This template has been reviewed and approved by the respective USC IRBs.  Please attach documents to the subject’s informed consent document.  Any proposed changes to this form must first be approved by the Office of Compliance.  Please see instructions for use for further information.
CERTIFICATION Request for Protected Health Information for Preparatory Research Activities Should be signed by USC researchers accessing health information for purposes of subject recruitment or for other purposes preparatory to research.  May ONLY be used in connection with USC-held protected health information.
CERTIFICATION Request for Decedent Protected Health Information Should be signed by investigators accessing USC or non-USC health information for purposes of conducting research on decedents
Data Use Agreement To be signed by all recipients of limited data sets.
Fundraising/Marketing (400) Authorization for USC Fundraising Activities This document should be signed prior to using individual identifiable health information (e.g., treatment, diagnosis) for fundraising activities.
Authorization for USC Marketing Activities This document should be signed prior to using individual identifiable health information (e.g., treatment, diagnosis) for marketing activities.
Authorization to Use Protected Health Information for Public Relations and Other Media Purposes

This document should be signed prior to using individual identifiable health information (e.g., treatment, diagnosis) for purposes of videotaping or filming interviews with patients for public relations purposes.
Education (500) Authorization to Use Protected Health Information for Education and Instruction

This document should be signed prior to using individual identifiable health information (e.g., treatment, diagnosis) for purposes of photographing or videotaping patients for education and instruction.
Patients’ Rights (600) Access Request Form Patients who request access to their health information must complete this form.
Denial of Access Form To be used when a clinical unit denies a patient’s request to access health information (see PAT 601 Access to Protected Health Information).
Request to Amend Form Patients who request an amendment to their health information must complete this form.
Acceptance of Request to Amend To be used when a clinical unit accepts a patient’s request to amend health information (see PAT 602 Patient Requests to Amend Protected Health Information).
Denial of Request to Amend To be used when a clinical unit denies a patient’s request to amend health information (see PAT 602 Patient Requests to Amend Protected Health Information).
Request for Accounting Form Patients who request an accounting of their health information must complete this form.
Accounting of Disclosures Tracking Log For internal use by clinical units to track accountable disclosures in accordance with the HIPAA privacy rule requirements.
Request to Receive Confidential Communications Patients who request to receive confidential communications about their health information by alternative means or at alternative locations pursuant to USC Policy PAT-605 must complete this form.
Business Associates (700) Business Associate Privacy and Security Addendum