TABLE OF CONTENTS
 March 21, 2005

Section 1.    Senior Management Statement

Section 2.    Introduction With Glossary of Terms

Section 3.    Administrative Safeguards
            
           3.1  Security Management Process
                   1. Risk Analysis
                   2. Risk Management
                   3. Information System Activity Review

            3.2 Discipline and Dismissal

            3.3  Security Officer

            3.4 Workforce Security

            3.5 Information Access Management

            3.6 Security Awareness and Training

            3.7 Security Incident Procedures

            3.8 Mitigation

            3.9 Contingency Operations Plan
                   1. Data Backup Plan
                   2. Disaster Recovery Plan
                   3. Emergency Mode Operation Plan
                   4. Testing and Revision Procedures
                   5. Applications and Data Criticality Analysis

            3.10 Evaluation

            3.11 Business Associate Agreements

Section 4.     Physical Safeguards

            4.1 Facility Access Controls

            4.2 Workstation Use

            4.3 Workstation Security

            4.4 Device and Media Controls

Section 5.    Technical Safeguards

            5.1 Access Control

            5.2 Audit Controls

            5.3 Integrity of Electronic Protected Health Information

            5.4 Person or Entity Authentication

            5.5 Transmission Security

Section 6.    Policy and Procedure, Documentation, Amendment, and Record Retention

—————————————————————————————                   
                           APPENDIX

3.7   Security Incident Response Form

4.4.1   Receipt of Hardware or Electronic Media Containing PHI Log Form

4.4.2   Request To Remove PHI From UTD Callier Center Form

4.4.3   PHI Destruction Log Form