HIPAA Corner Library

This page contains templates that provide additional aid to organizations implementing HIPAA programs. These templates can be accessed based on your license.

Click here to validate the libraries that can be accessed based on your license level.

 *New* - This document was added in the past 90 days

Access to Records Request Form - to be used by clients/patients who are requesting access to their own records

Accounting of Disclosures Request Form - to be used by clients/patients who wish to see a list of disclosures of their records

Amendment of Health Record Request Form - to be used by clients/patients who are requesting an amendment to their own records

Authorization For Release of Personal Health Information - to be completed by a client/patient who would like to authorize a person/organization to access/use his or her records (more in-depth than Authorization for Use and Disclosure of Health Information)

Authorization for Use and Disclosure of Health Information - to be completed by a client/patient who would like to authorize a person/organization to access/use his or her records

Business Associate Contract - establishes rules and procedures that a business associate must follow in order to protect confidential information and to minimize the risk of unauthorized access, use, or disclosure

Business Associate Relationships - specifies when the organization may disclose an individual’s protected health information to a business associate of the organization and provisions that must be included in the organization’s contracts with business associates

Client and Participant Privacy Rights - establishes the privacy rights that the organization’s clients/patients have regarding the use and disclosure of their protected information and describes the process for filing a complaint should the client/patient feel those rights have been violated

De-identification of Client or Participant Information and Use of Limited Data Sets - establishes standards under which client/patient information can be used and disclosed if information that can be used to identify the person has been removed or restricted

Disclosures of Protected Health Information (PHI) - to be completed by the organization upon disclosing a client/patient's PHI and kept on file in case the client/patient requests a list of disclosures

Employee Complaint Form - to be completed by an employee who wishes to lodge a complaint and that employee's supervisor/manager

Employee Training Log - to be signed by employees upon completion and understanding of HIPAA training

Enforcement, Sanctions, and Penalties for Violations of Individual Privacy - specifies the enforcement, sanction, penalty, and disciplinary actions that may result from violation of organizational policies regarding the privacy and protection of an individual’s information

Gap Analysis Document - hints for performing a preliminary Gap Analysis to determine where the organization is now and where it will have to get in order to be compliant with HIPAA

General Privacy - outlines the guidelines set forth by the organization for the collection, use, and disclosure of confidential information

HIPAA Administrative, Technical, and Physical Safeguards and Accounting Procedures - establishes criteria for safeguarding confidential information and minimizing the risk of unauthorized access, use, or disclosure

HIPAA Checklist - a list of activities that need to be completed by the organization in order to become HIPAA compliant

HIPAA Notice of Privacy Practices - Employees - describes how information about employees may be disclosed and how the employee may gain access to his or her records

HIPAA Requirements Outline - a list of the HIPAA requirements

HIPAA Privacy Contact Job Description - describes the duties of the appointed Privacy Contact for a specific unit

HIPAA Privacy Officer Job Description - describes the duties of the appointed Privacy Officer for the organization

HIPAA Privacy Policies, Guiding Principles, and Forms - list of HIPAA policies and HIPAA-related forms

HIPAA Privacy Policy - description of HIPAA guidelines and the requirements for compliance

HIPAA Privacy Policy and Security Procedures - gives an overview of the organization's plan for protecting confidential information and minimizing the risk of unauthorized access, use, or disclosure

Minimum Necessary Information - describes the organization's policy towards disclosing the minimum amount of information necessary to improve the privacy of confidential information while ensuring that employees have access to the information they need to accomplish the mission, goals and objectives of the organization

Notice of Privacy Policy Receipt Acknowledgement - to be signed by an individual employee upon receipt of the organization's HIPAA Privacy Policy

Personal Health Information List - list of all information that is considered by HIPAA to be PHI

Privacy Policy Glossary - defines certain terms that are used throughout the HIPAA documents

Privacy Program Statement of Understanding - to be signed by individual employees upon reviewing, understanding, and agreeing to abide by all of the organization's HIPAA policies

Response to Request to Amend Protected Health Information - to be filled out by an employee and returned to the client/patient upon that individual's request to amend his or her PHI; lets the client/patient know what further action will be taken regarding the request

Restriction of Use and Disclosures Request Form - to be completed by a client/patient who wishes to limit the use or disclosure of specific bits of information

Safeguards Assessment Tool - helps managers and supervisors to decide whether confidential information is protected by reasonable administrative, technical and physical safeguards

Supervisor's List of Trained Employees - list of all employees who have received HIPAA training

Tracking PHI Flow - used to identify and track the flow of PHI throughout the organization and its departments/units

Uses and Disclosures of Client or Participant Information - specifies that client/patient information cannot be used or disclosed without the individual’s prior authorization and identifies possible exceptions