UAB HIPAA Core Policies

UAB HIPAA Core Policies


UAB has policies that govern how the organization and its personnel shall operate in order to meet HIPAA regulations. Click on policy titles below to view individual policies. For more information, please visit


HIPAA Policies Index 


Privacy Core Policies

HIPAA Administration

Use & Disclosure of Health Information

Use & Disclosure of Health Information for Marketing

Use & Disclosure of Health Information for Fundraising

Use & Disclosure of Identifiable Health Information for Research

Patient Health Information Rights


Security Core Policies

Media Reallocation and Disposal

Information System Account Management

Internet and eMail Use

Information Systems & Network Access

Contingency Planning

Risk Analysis and Management of EPHI

Information Security and Privacy Incident Response

Use of Portable Devices


Other Health System-Related Policies

Designated Record Set

Release of Protected Health Information

Patient Requests for Restrictions, Managment of

Patient Access to Protected Health Information

Request for Amendments to Protected Health Information

Accounting of Disclosures

HS Retention Policy


Other University-Related Policies

Records Retention Policy