• Home
  • Administrative Privacy Regulations

Administrative Privacy Regulations


To implement and enforce the necessary policies, procedures and safeguards to protect the privacy of the information contained in the Designated Record Set (DRS).

Applies to: 

Students of Watkins Health Services

Policy Statement: 

Watkins Health Services (WHS) will comply with University policies and procedures as well as state and Federal laws that relate to the confidentiality and privacy of protected health information (PHI) in both paper and electronic format. This will be accomplished by:

  1. Providing administrative, technical, and physical safeguards to protect the PHI maintained by WHS.  These safeguards include:
    1. Appointing an individual to be responsible for on-site coordination of activities relating to compliance with university guidelines and state and federal privacy laws, and responsible for responding to complaints regarding WHS handling of PHI.
    2. Identification of those persons/classes in the WHS workforce who need access to PHI in order to carry out their duties.  Subsequently, identifying the categories of PHI to which access is needed and any conditions on that access.
    3. Instituting and auditing procedures that limit electronic system access to PHI needed for a WHS employee to perform the job (i.e., role-based access).
    4. Ensuring that all members of the WHS workforce (including student employees and volunteers) receive training at the time of hire and ongoing education on university policies and laws regarding confidentiality and privacy of patient information.
  2. Identifying the Business Associates and University support services who provide a service that involves access to PHI and documenting the necessary assurances of compliance with the applicable state and federal laws.
  3. Communicating to the WHS workforce their duty to report breaches of privacy or confidentiality.
  4. Working within University guidelines to mitigate, to the extent possible, any harmful effect of a use/disclosure of PHI that is in violation of applicable policies and procedures or requirement of state and federal law.
  5. Investigating violations of applicable policies or laws regarding confidentially and privacy of health information in accordance with WHS and University policies.
  6. Ensuring that, in accordance with university policies, appropriate sanctions for violations are imposed.
  7. Communicating to patients and others their right to submit complaints, questions or concerns regarding the use/disclosure of their PHI and the process to be followed.
  8. Communicating to patients and the WHS workforce that intimidation, retaliation or discrimination against patients or other individuals for exercising their rights are strictly prohibited.


All records that document compliance with this policy must be maintained for a minimum of six years.


Administrative Director
Watkins Health Services
1200 Schwegler Drive
Lawrence, KS 66045

Approved by: 
Watkins Health Services Administrative Director
Approved on: 
Saturday, February 1, 2003
Effective on: 
Saturday, February 1, 2003
Review Cycle: 
Annual (As Needed)
Privacy; PHI; Business Associates
Change History: 

07/01/2022: Policy published in the Policy Library as a live text page.
02/01/2022: Policy owner and approver changed from Associate Director to Administrative Director.
08/2008: Revised.
02/2003: Created.

Student Life Categories: 
Health & Wellness

Can't Find What You're Looking For?
Policy Library Search
New Policies in the last 30 days
KU Today
One of 34 U.S. public institutions in the prestigious Association of American Universities
Nearly $290 million in financial aid annually
44 nationally ranked graduate programs.
—U.S. News & World Report
Top 50 nationwide for size of library collection.
23rd nationwide for service to veterans —"Best for Vets," Military Times