Skip to main content Skip to navigation
Washington State University Compliance and Civil Rights



The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.  The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164.

U.S. Department of Health & Human Services

Executive Policy – Hybrid Policy – coming soon 



On Demand trainings on HIPAA and WSU Policies and Procedures are available on the CCR Training Schedule

CCR – Training Schedule 

Policy Templates

These templates are for WSU Departmental use as the groundwork for departmental polices regarding HIPAA and Protected Health Information – Departments needing assistance or that have questions are encouraged to reach out.

Templates coming soon 

Business Associate Agreements

WSU Departments who are considered covered entities must ensure that HIPAA Business Associate Agreements (BAA’s) are in place and up to date with partners regarding Protected Health Information (PHI) security as well as HIPAA compliance.

BAA’s need to go through the WSU Contracts process and procedure as outlined in BPPM 10.11 

WSU Business Associate Decision Tree

WSU – Business Associate Agreement Decision Tree PDF