Pursuant to the HIPAA Privacy Regulations, the University, as a Covered Entity, must:
1. Have a Privacy Official;
2. Develop and implement Privacy policies and procedures;
3. Train its workforce (students, volunteers, employees) on HIPAA;
4. Adopt Privacy safeguards to protect PHI;
5. Establish a process for reporting Privacy violations;
6. Adhere to a “no retaliation” policy against individuals who submit Privacy complaints;
7. Impose sanctions for Privacy violations;
8. Mitigate harmful effects of damage from known Privacy violations; and
9. Prohibit waivers of patient Privacy rights.