APPENDIX A:  HIPAA PRIVACY RULE COMPLIANCE POLICY
Section
   1.   Purpose
   2.   Definitions
   3.   General statement of policy
   4.   Business associates
   5.   Patient privacy rights
   6.   Patient access request for access procedures
   7.   Storage of PHI
   8.   Procedure for amending PHI
   9.   Procedures for deidentification of PHI
   10.   Procedure for disposal of PHI
   11.   Administrative, technical and physical safeguards to protect PHI
   12.   Enforcement, sanctions and penalties for violations
   13.   Complaint procedure
   14.   Internal administration