UW-Madison - Policy Portfolio - Privacy

The Privacy policy portfolio includes policies related to privacy practices, for example, information collection, information sharing, permission for release of information, etc.

Privacy addresses the protection of privacy in an IT environment. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

  • Faculty Senate - Access to Faculty and Staff Electronic Files Policy

  • HIPAA (on compliance.wisc.edu)

    • 2.1 Notice of Privacy Practices (NPP)
    • 3.2 Uses and Disclosures of Protected Health Information That Require Patient Authorization
    • 3.3 Uses and Disclosures of PHI Not Requiring Patient Authorization
    • 3.4 Uses and Disclosures of PHI That Require Providing Patient with an Opportunity to Agree or Object
    • 3.5 Uses and Disclosures of Protected Health Information for Education and Training
    • 3.6 Uses and Disclosures of Protected Health Information for Marketing
    • 3.7 Uses and Disclosures of Protected Health Information for Fundraising
    • 3.8 Minimum Necessary Standard
    • 3.9 Verifying Identity and Authority of Persons Seeking Disclosure of a Patient's PHI
    • 3.10 Designated Record Set
    • 3.11 Sale of Protected Health Information Generally Prohibited
    • 5.1 De-identification of Protected Health Information Under the HIPAA Privacy Rule
    • 5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
    • 7.1 Requests by Patients for an Accounting of Certain Disclosures
    • 7.2 Requests by Patients to Amend Protected Health Information
    • 7.3 Requests by Patients for Alternative Confidential Communications
    • 7.4 Requests by Patients for Access to Inspect and Obtain a Copy of Protected Health Information
    • 7.5 Requests by Patients for Restrictions on Uses and Disclosures of Protected Health Information
    • 8.5 Security of Faxed, Printed, and Copied Documents Containing Protected Health Information
    • 8.6 Email Communication Involving Protected Health Information
    • 10.1 Complaints Under the HIPAA Privacy Rule
  • IT Policy - Collection of Personal Identity Information via Email

  • UW-Madison IT Professionals - Guidelines, Best Practices, and Advice (on it.wisc.edu)

  • UW System - 25-3 Acceptable Use of Information Technology Resources (privacy and security provisions) (on wisconsin.edu)

Related Documents