Clinic Policies and Procedures Regarding Privacy & Security of Patient Information

PRINT DISCLAIMER: Official version of this document is accessible in the online policy library at https://policyoffice.ku.edu/. Printed copies may not reflect the most recent updates.

DOCUMENT TYPE:

Policy

PURPOSE:

To outline clinic policies and procedures pertaining to the handling of Protected Health Information on the Lawrence and Edwards campuses.

APPLIES TO:

University Clinics on the Lawrence and Edwards campuses and the employees, students, volunteers, trainees, agents, business associates, or subcontractors involved in the creation, receipt, transmission, storage, or disposition of Protected Health Information covered by the policy.

CAMPUS:

Edwards, Lawrence

POLICY STATEMENT:

See attachment. 

CONTACT:

Office of the Provost and Executive Vice Chancellor
785-864-4904
provost@ku.edu

Information Technology Security Office
785-864-9003
itsec@ku.edu

University Privacy Officer
913-588-0940 
cgriffith@ku.edu 

Anonymous Reporting Hotline
https://hotline.ku.edu

APPROVED BY:

HIPAA University Privacy Officer

APPROVED ON:

2013-05-22

EFFECTIVE ON:

2013-05-22

REVIEW CYCLE:

Annual (As Needed)

CHANGE HISTORY:

05/20/2025: Updated links. 
04/01/2025: Migration to TeamDynamix from Drupal.
09/27/2024: Updated contact section.
07/19/2024: Updated Policy Statement to an accessible PDF. Added Exclusions and Special Circumstances section. Updated Approver title.
09/05/2018: Updated Contact section.
04/15/2015: Posted updated version of the manual in the Policy Library. Prior to posting, this Manual was reviewed and approved by the HIPAA Committee, the Office of Institutional Compliance, the Information Technology Security Office, and the HIPAA Privacy Official.

Was this helpful?
0 reviews
Print Article

Related Articles (4)

Data Classification and Handling Procedures Guide
This Procedures Guide for the University community was created to help you effectively manage information in your daily mission-related activities. Determining how to protect & handle information depends on a consideration of the information’s type, importance, and usage. These procedures outline the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled. Classification is necessary to understand which security p
HIPAA Compliance Policy
To describe the requirements pertaining to the handling of Protected Health Information (PHI) on the Lawrence and Edwards campuses.
Mental Health Resource Guide
The purpose of the Mental Health Resource Guide is to organize campus, local, state, and national resources concerning disability and accessibility.
Roles and Responsibilities for Information Management Policy
The proper stewardship and custodianship of University administrative information will facilitate access to data that supports the work of those with official educational or administrative responsibilities within the institution, consistent with legal, ethical, competitive, and practical considerations.This document informs information stewards, managers, custodians, and users of data of their responsibilities.Note:  Nothing in this document precludes or addresses the release of institutional da