11. Must include a statement of who has access to protected health information, how it is used within the covered entity, and when it would or would not be disclosed to other entities.
22. U.S. Department of Health and Human Services . Retrieved June 9, 2011 from http://www.ihs.gov/AdminMngrResources/HIPAA/index.cfm?module=privacy_standards.
23. Wolper, L. (2011). Health care administration managing organized delivery systems (Fifth Edition). Sudbury, Massachusetts, Jones and Bartlett Publishers.