Facility Security

From University of Nebraska Medical Center
Jump to navigation Jump to search
Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property   Faculty


Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training | Patient Privacy Investigations and Levels of Violation

Policy No.: 6067
Effective Date: 03/17/03
Revised Date: 07/14/17
Reviewed Date:11/12/20

Facility Security Policy

Basis for Policy

It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.

Policy

All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.

Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.

Department Personnel Responsibilities

  • Knowing who should legitimately be in their work area
  • Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:
  • Contact Campus Security, 402-559-5111 for occurrences on main campus
  • Contact 911 for occurrences off main campus
  • Securing offices and other areas containing PHI or confidential proprietary information when not in use

Securing Campus Buildings After Normal Business Hours

  • Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access.
  • Campus Security will control facility access, including locking, unlocking and restricting access during designated hours.
  • Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours.
  • Campus Security will check any individual found in a secured area after hours for proper authorization.

After Hours Access to Campus Buildings/Departments

  • Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures.
  • If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, Secure Area Card Access Control.

Securing Clinics and Health Care Centers Located Off Main Campus

  • Managers of locations off the main campus are responsible for:
  • Evaluating and performing a risk assessment for their Clinic/Healthcare Center
  • Working with Facilities Management and Planning and Campus Security to develop appropriate policies and procedures for securing their work areas
  • Training and instructing staff members on how to properly secure patient-related information
  • Securing buildings after hours
  • Securing Department Areas During Cleaning
  • Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
  • It is department management's responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours.
  • If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk.

Definitions

Privacy is defined as the right of individuals to keep information about themselves from being disclosed.
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information.
Protected Health Information (PHI)

Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:

  • is created or received by UNMC/ACE; and
  • relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.

PHI includes genetic information, which includes information about:

  • an Individual’s genetic tests;
  • the genetic tests of an Individual’s family members; or
  • the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).

PHI excludes:

  • individually identifiable health information of a person who has been deceased for more than fifty (50) years.
  • education records covered by the Family Educational Rights and Privacy Act (FERPA); and
  • employment records held by UNMC in its role as employer.
    Workforce refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.

Additional Information


This page maintained by dkp.