BPPM Revision #589

March 3, 2022

---

This BPPM revision includes the following changes:

WSU Information Security Roles, Responsibilities, and Definitions 87.01

This revision updates the roles, responsibilities, and definitions that support EP8 and EP37, and other sections in BPPM Chapter 87: Information Security.

Information Security Incident Management and Breach Notification 87.55

This new section provides requirements, responsibilities, and procedures for managing information security incidents.

NOTE: The following new sections are located in the new BPPM Chapter 88: Information Privacy.

Protected Health Care Information Breach Response 88.05

This new section provides requirements and procedures for managing protected health information (PHI) breach incidents.

Patient Access to Protected Health Information 88.10

This new section:

• Defines the rights of patients to access their protected health information (PHI) and health care information;
• Describes circumstances under which it is appropriate to permit such access; and
• Sets forth procedures for approving or denying a patient request for PHI or health care information access.