PHI Privacy Policy Trust Interoperability Profile

Table of Contents

Overall Organization

Trustmark Definition Checklist

Policy: Purpose Statement

Issuance Criteria:
yes(ALL)


Policy: Policy Applicability and Legal Compliance

Issuance Criteria:
yes(ALL)


Policy: Definitions

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Acquiring and Receiving Information

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Program Evaluation and Research

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Merging Records

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Use and Disclosure

Issuance Criteria:
yes(ALL)


Redress Policy

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Information Security Safeguards

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Information Retention and Destruction

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Training

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Governance and Oversight

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Governance and Oversight

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Information

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Information

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Information Quality Assurance

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Information Quality Assurance

Issuance Criteria:
yes(ALL)


PHI Privacy Policy: Accountability and Enforcement

Issuance Criteria:
yes(ALL)


Information Sharing Policy: Accountability and Enforcement

Issuance Criteria:
yes(ALL)


PHI Privacy Policy Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

Generic-A-TD AND Generic-B-TD AND PHI-C-TIP AND Generic-D-TD AND PHI-E-TIP AND IS-F-TD AND PHI-G-TIP AND PHI-H-TD AND IS-I-TD AND PHI-J-TD AND Redress-TD AND IS-L-TD AND IS-M-TD AND PHI-N-TIP AND IS-O-TD

Policy: Purpose Statement Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/generic-policy-purpose-statement/1.0/

Description:
This Trustmark Definition defines requirements for creating the Purpose Statement aspects of a generic Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Policy: Purpose Statement

Description: The policy MUST contain the required Purpose sections.

Issuance Criteria:
yes(ALL)

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/generic-policy-policy-applicability-and-legal-compliance/1.0/

Description:
This Trustmark Definition defines requirements for creating the Policy Applicability and Legal Compliance aspects of a generic Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Description: The policy MUST contain the required Policy Applicability and Legal Compliance sections.

Issuance Criteria:
yes(ALL)

Policy: Definitions Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/generic-policy-definitions/1.0/

Description:
This Trustmark Definition defines requirements for creating the Definitional aspects of a generic Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Policy: Definitions

Description: The policy MUST contain the required Definitions sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Acquiring and Receiving Information Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-acquiring-and-receiving-information/1.0/

Description:
This Trustmark Definition defines requirements for creating the Acquiring and Receiving Information aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Acquiring and Receiving Information

Description: The policy MUST contain the required Acquiring and Receiving Information sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Program Evaluation and Research Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-program-evaluation-and-research/1.0/

Description:
This Trustmark Definition defines requirements for creating the Program Evaluation and Research aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Program Evaluation and Research

Description: The policy MUST contain the required Program Evaluation and Research sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Merging Records Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-merging-records/1.0/

Description:
This Trustmark Definition defines requirements for creating the Merging Records aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Merging Records

Description: The policy MUST contain the required Merging Records sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Use and Disclosure Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-use-and-disclosure/1.0/

Description:
This Trustmark Definition defines requirements for creating the Use and Disclosure aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Use and Disclosure

Description: The policy MUST contain the required Use and Disclosure sections.

Issuance Criteria:
yes(ALL)

Redress Policy Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/contractual-agreements/Redress-Policy/1.0/

Description:
This Trustmark Definition defines conformance for an organization having a Redress Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Redress Policy

Description: The organization MUST have an acceptable Redress Policy.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Information Security Safeguards Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-information-security-safeguards/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information Security Safeguards aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Information Security Safeguards

Description: The policy MUST contain the required Information Security Safeguards sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Information Retention and Destruction Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-information-retention-and-destruction/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information Retention and Destruction aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Information Retention and Destruction

Description: The policy MUST contain the required Information Retention and Destruction sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Training Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-training/1.0/

Description:
This Trustmark Definition defines requirements for creating the Training aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Training

Description: The policy MUST contain the required Training sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Governance and Oversight Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-governance-and-oversight-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating the Governance and Oversight aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

PHI-C-TD AND IS-C-TD

PHI Privacy Policy: Governance and Oversight Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-governance-and-oversight/1.0/

Description:
This Trustmark Definition defines requirements for creating the Governance and Oversight aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Governance and Oversight

Description: The policy MUST contain the required Governance and Oversight sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Governance and Oversight Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-governance-and-oversight/1.0/

Description:
This Trustmark Definition defines requirements for creating the Governance and Oversight aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Governance and Oversight

Description: The policy MUST contain the required Governance and Oversight sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Information Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-information-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating the Information aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

PHI-E-TD AND IS-E-TD

PHI Privacy Policy: Information Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-information/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Information

Description: The policy MUST contain the required Information sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Information Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-information/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Information

Description: The policy MUST contain the required Information sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Information Quality Assurance Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-information-quality-assurance-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating the Information Quality Assurance of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

PHI-G-TD AND IS-G-TD

PHI Privacy Policy: Information Quality Assurance Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-information-quality-assurance/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information Quality Assurance aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Information Quality Assurance

Description: The policy MUST contain the required Information Quality Assurance sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Information Quality Assurance Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-information-quality-assurance/1.0/

Description:
This Trustmark Definition defines requirements for creating the Information Quality Assurance aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Information Quality Assurance

Description: The policy MUST contain the required Information Quality Assurance sections.

Issuance Criteria:
yes(ALL)

PHI Privacy Policy: Accountability and Enforcement Trust Interoperability Profile

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-accountability-and-enforcement-TIP/1.0/

Description:
This Trust Interoperability Profile specifies requirements for creating the Accountability and Enforcement aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

References

Trustmark Definition Requirements

Trust Interoperability Profiles

Trust Expression:

PHI-N-TD AND IS-N-TD

PHI Privacy Policy: Accountability and Enforcement Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/PHI-policy-accountability-and-enforcement/1.0/

Description:
This Trustmark Definition defines requirements for creating the Accountability and Enforcement aspects of a PHI Privacy Policy for exchanging Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

PHI Privacy Policy: Accountability and Enforcement

Description: The policy MUST contain the required Accountability and Enforcement sections.

Issuance Criteria:
yes(ALL)

Information Sharing Policy: Accountability and Enforcement Trustmark Definition

URI:
http://ncsc.org/trustmarks/trustmark-definitions/PHI-privacy-policy/IS-policy-accountability-and-enforcement/1.0/

Description:
This Trustmark Definition defines requirements for creating the Accountability and Enforcement aspects of an Information Sharing Policy.

Metadata

Key Value
tf:TargetStakeholderDescription Organizations that are interested in safely and legally exchanging information in a manner that complies with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRecipientDescription Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with with HIPAA and 42 CFR Part 2 regulations.
tf:TargetRelyingPartyDescription Organizations and individuals that require their trusted partners' computer and information systems to comply with HIPAA and 42 CFR Part 2 regulations.
tf:TargetProviderDescription Organizations that audit or evaluate other organizations for compliance with HIPAA and 42 CFR Part 2 regulations.
tf:ProviderEligibilityCriteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
tf:AssessorQualificationsDescription Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
tf:TrustmarkRevocationCriteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
tf:ExtensionDescription This Trustmark Definition requires no extension data.
tf:LegalNotice This document and the information contained herein is provided on an “AS IS” basis, and the National Center for State Courts disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the National Center for State Courts disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
tf:Notes The National Center for State Courts (NCSC) has published this document with the support of the [TBD] via [TBD]. The views expressed herein do not necessarily reflect the official policies of NCSC, [TBD], or [TBD]; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria

Information Sharing Policy: Accountability and Enforcement

Description: The policy MUST contain the required Accountability and Enforcement sections.

Issuance Criteria:
yes(ALL)

Glossary

Term Definition
HIPAA Health Insurance Portability and Accountability Act of 1996
PHI Protected Health Information
Redress Laws, policies, and procedures that address public entity responsibilities with regard to access/disclosure and correction of information and the handling of complaints from persons regarding protected information about them which is under the entity’s control and which is exempt from disclosure and not disclosed to the individual to whom the information pertains.