Information Privacy and Security


Access to Confidential Information IM  10-30.03
Access to Protected Patient Information by Job Role IM  10-30.24
Audit Logs and Activity Review for Electronic Systems
and Applications Containing Protected Health Information
IM  10-40.24
Authorization and Access to Electronic System
and Applications
IM  10-30.19
Authorization to Access Medical Records:  Self & Others IM  10-20.01
Breach Notification:  Unauthorized Access, Use or Disclosure
of Individually Identifiable Patient or Other Personal Information
IM  10-30.02
Business Associate Agreements IM  10-10.01
Computer Workstation and Lockout and Automatic Log-off
IM  10-30.16
Confidentiality of Protected Patient Information IM  10-30.01
De-Identification of Protected Health Information
and Use of a Limited Data Set
IM  10-30.07
Disposal of Confidential Information IM  10-30.18
Electronic Messaging of Individually Identifiable Patient
and Other Sensitive Information

   FAX Cover Sheet
IM  10-30.15
Faxing Confidential Information IM  10-10.03
Identity Theft Prevention and Response IM  10-30.04
Internet Monitoring and Filtering for
Clinical Workstations
IM  10-10.07
Patient Photography and Video Imaging
       How to upload an image to your computer
IM   10-30.17
Patient Request to Amend Protected Health Information IM   10-40.17
Patient Request to Restrict the Use of Information
Patient Requests for Restriction:  Service Estimate Methodology
IM  10-30.08
Patient Request for Confidential Communication IM  10-30.09
Patient Safety and Confidentiality:  No Information,
Security Risk, STAT and Alisas Designations
IM  10-30.08
Privacy and Information Security Training IM  10-30.05
Protection and Security of Protected Health Information IM  10-30.13
Releasing Patient Information and Coordinating Access to
Patients by External Law Enforcement Officials and Investigators

HHS: HIPAA Guide for Law Enforcement
IM  10-30.11
Sanctions for Privacy and Information Security Violations IM  10-30.12
Use and Disclosure of Protected Health Information IM  10-30.06


These policies are intended to provide guidance about reasonable and appropriate safeguards for the confidentiality, accuracy, and integrity of patient and other individually identifiable information. 
If you have questions or need assistance in interpretation or application of any of these policies, please contact the Privacy Office at 936-3594 or email the Privacy Office.

Thank you for taking the time to visit our website.  In order to serve our customers better, we ask that you take a moment to complete a short survey.  Your opinion and comments are informative and helpful to maintaining the VUMC Privacy and Security Website.   


This page was last updated March 14, 2014 and is maintained by