Information protection (IP.DP) policies and procedures
(IP.GEN) policies and procedures
| Policy | Reference Number |
|---|---|
| Shredding Bin Use and Protection | IP.GEN.001 |
| Protecting and Mitigating Inappropriate or Unauthorized Access, Use and/or Disclosure of Personally Identifiable Information (PII) | IP.GEN.002 |
| Confidentiality Statements | IP.GEN.003 |
| Release of Company Data to External Entities | IP.GEN.004 |
| Global Privacy Policy – General Data Protection Regulation | IP.GEN.005 |
| Information Blocking Rule Compliance | IP.GEN.006 |
(IP.PRI) policies and procedures
Facility model policies
- Community Clergy to Patient Listings Under the HIPAA Standards Model Facility Policy
- Designated Record Set
- Determination, Uses and Disclosures of De-identified Information
- Fundraising Under the HIPAA Privacy Standards-HITECH
- Hybrid Entity
- Limited Data Set and Data Use Agreements
- Marketing Under the HIPAA Privacy Standards-HITECH
- Patient's Right to Opt Out of Being listed in Facility Directory
- Photographing, Video Monitoring-Recording, Audio Monitoring-Recording, and or Other Imaging Policy
- Privacy Complaint Process Policy
- Sanctions for Privacy and Information Security Violations Model Facility Policies
- Uses and Disclosures for which an Authorization or Opportunity to Agree or Object is Not Required Model Facility Policy
- Uses and Disclosures of Patient Health Info to Other Covered Entities and Health Care Providers Under the HIPAA Privacy Standard
- Uses and Disclosures of Protected Health Information for Involvement in the Patient's Care and Notification Purposes
- Uses and Disclosures Required by Law Policy
- Verification of External Requestors
(IP.PS) policies and procedures
| Policy | Reference Number |
|---|---|
| Theft and Violence in the Workplace (formerly IP.PS.006) |
IP.PS.002 |
| Active Shooter Hostile Event Response (ASHER) | IP.PS.003 |
| Chain of Custody - Illegal Items/Substances | IP.PS.004 |
| Infant Security Program | IP.PS.005 |
| Pediatric Security Program | IP.PS.007 |
| Search and Seizure | IP.PS.008 |
| Use of Force | IP.PS.009 |
| Forensic Patient Management | IP.PS.010 |
| Conducted Energy Device (CED) | IP.PS.011 |
(IP.SEC) policies and procedures
| Policy | Reference Number |
|---|---|
| Information - Program Requirements (formerly IP.PS.001) |
IP.SEC.001 |
|
Information Security - Electronic Communications (formerly IS.SEC.002) |
IP.SEC.002 |
|
Information Confidentiality and Security Agreements (formerly IS.SEC.005) |
IP.SEC.005 |
| Information Security - Roles and Responsibilities (formerly IS.SEC.006) |
IP.SEC.006 |
|
Information Protection Program - Security Committees (formerly IS.SEC.007) |
IP.SEC.007 |
|
Information Security - Information Security Agreement (formerly IS.SEC.008) |
IP.SEC.008 |
| Accountability for Risks Associated with Exceptions to the Information Security Standards (formerly IS.SEC.009) |
IP.SEC.009 |
|
Information Security - Appropriate Access Conformance and Monitoring (formerly IS.SEC.021) |
IP.SEC.021 |