Policies, Templates and Assessments

Executive Policy: HIPAA Hybrid Entity

Executive Policy 40: HIPAA Hybrid Entity Designation Policy

This policy identifies Washington State University (WSU) as a hybrid entity and designates its covered health care components, which include business associate functions (collectively “Health Care Components” or “HCC”), in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Protected Health Care Information (PHI) Breach Response Guide

If you are unsure if a breach has occurred please fill out our PHI Breach Response Form.

For Employees: PHIBreachResponseGuideForEmployees.pdf
For Supervisors and Managers: PHIBreachResponseGuideForSupervisors.pdf
For Privacy Officers:

Protected Health Care Information Breach Response Guide for Privacy Officers

Building Security Reminders

Use the building security reminders checklist as needed to review building security.

Policy Templates

These templates are for WSU Departmental use as the groundwork for departmental policies regarding HIPAA and Protected Health Information – Departments needing assistance or that have questions are encouraged to reach out.

Notice of Privacy Practice – Template

Risk Assessment

Multiple Risk Assessments are available for use ranging from isolated incidents to yearly departmental review.

The Security Risk Assessment Tool provided by the Office of the National Coordinator for Health Information Technology is available for WSU Health Care Components when completing their annual departmental risk assessment.
The SRA tool must be downloaded and installed to use; departments may need to work with their IT contacts for setup. 

Business Associate Agreements

WSU Departments who are considered covered entities must ensure that HIPAA Business Associate Agreements (BAA’s) are in place and up to date with partners regarding Protected Health Information (PHI) security as well as HIPAA compliance.

BAA’s need to go through the WSU Contracts process and procedure as outlined in BPPM 10.11

WSU Business Associate Decision Tree

WSU – Business Associate Agreement Decision Tree PDF