Changes

Jump to: navigation, search

Privacy/Confidentiality

678 bytes added, 19:12, July 16, 2021
no edit summary
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</table>
Policy No.: '''6045'''<br />
Effective Date: '''11/21/03'''<br />
Revised Date: '''0807/2801/1819'''<br />Reviewed Date: '''0806/2817/1819'''<br />
<br />
<big>'''Privacy, Confidentiality and Security of Patient and Proprietary Information Policy'''</big><br /><br />
:*is created or received by ACE; and
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
==Other Definitions==
*'''Controlled Unclassified Information (CUI)''' as defined by U.S. Presidential Executive Order 13556 is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
*'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; student records; and meeting minutes.
*'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person who is employed by UNMC by virtue of his or her status as a student at UNMC (e.g. work study, assistantships, resident assistants), (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
==Procedures==
===Patient Information===
*The ACE is responsible for safeguarding and protecting PHI against loss, tampering, and disclosure to unauthorized individuals. The safeguarding of PHI in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*ACE workforce have a duty to protect PHI. Breach of this duty includes the following:
:*Accessing PHI, in any form, without a "need to know" to perform assigned duties. Workforce members with medical information system may not access may view their own individual medical records. Workforce members may not print copies of their own records nor access records of family members (including children), relatives, friends and others, unless access is necessary to perform assigned duties. Workforce members may obtain a copy of their medical records from the Health Information Management Department. Workforce may not alter their own medical recordvia the online patient portal.
:*Discussing or disclosing patient care events to individuals who do not have a “need to know” to perform assigned duties, even if the patient’s name is not mentioned. The facts surrounding patient care are confidential and can lead to the identity of the patient.
:*Disclosing PHI without proper authorization (see UNMC Policy No. 6057, [[Use and Disclosure of Protected Health Information]]);
:*Transferring PHI in any form without both parties having a need to know.
*The ACE shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches.
*All employees, medical staff, allied health practitioners and members of the workforce with access to PHI shall sign UNMC [https://www.unmc.edu/hipaaacademicaffairs/policies_documents/6045-exhibit-a-statement-of-understandingcompliance/Statement_of_Understanding.pdf Statement of Understanding (Exhibit A)] upon initial employment/work/appointment/credentialing.
*Workforce members who suspect a privacy or information security violation must report it immediately to their respective manager and the Privacy and/or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 844-348-9548. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the System Chief Medical Officer.
*Sanctions for violations of privacy or information security may include revocation of medical staff privileges, allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]). Civil and criminal fines and penalties can also be levied under HIPAA.
*Contact the [mailto:debrbishop@nebraskamed.com Privacy] or [mailto:libazis@nebraskamed.com Information Security] Officers
*Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations
*Exhibit A - [https://www.unmc.edu/hipaaacademicaffairs/policies_documents/6045-exhibit-a-statement-of-understandingcompliance/Statement_of_Understanding.pdf Statement of Understanding]
*Exhibit B - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-B-SSN-Student.docx Use of Student Social Security Number Exception]
*Exhibit C - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-C-SSN-Employee.docx Use of Employee Social Security Number Exception]
*[https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]
*[http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]
*[httphttps://www.unmc.edu/mediahipaa/compliance_documents/privacy_incident_response_and_breach_notification_proceduresprivacy-incident-response-and-breach-notification-procedures.pdf Privacy Incident Response and Breach Notification Procedures]*[https://nebraska.edu/siteoffices-information.html?redirect=true policies/general-counsel/practice-areas/intellectual-property Copyright and Disclaimer]
*[https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures]
*[http://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution]
*Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470)
*[http://nebraskalegislature.gov/laws/laws.php Nebraska Rev. Statutes] § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
*University of Nebraska [httphttps://www.nebraska.edu/bylaws-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.html pdf?la=en Board of Regents Bylaws ]*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and -policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies]*[httphttps://www.nebraska.edu/-/media/unca/docs/presidentoffices-and-policies/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systemspolicies/executive-memorandum/policy-for-responsible-use-of-university-computers-and-information-systems.pdf Executive Memorandum No. 16, Policy for Responsible Use of University Computers and Information Resources, Technology and NetworksSystems]*[https://nebraska.edu/-/media/unca/docs/presidentoffices-and-policies/22%20Public%20Record%20Requestspolicies/executive-memorandum/public-records-request.pdf Executive Memorandum No. 22, Public Record Requests]*[https://nebraska.edu/-/media/unca/docs/presidentoffices-and-policies/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf Executive Memorandum No. 26, Information Security Plan- Gramm Leach Bliley Compliance]*[https://nebraska.edu/-/media/unca/docs/presidentoffices-and-policies/27%20HIPAA%20Compliancepolicies/executive-memorandum/hipaa-compliance-policy.pdf Executive Memorandum No. 27, HIPAA Compliance Policy]
*[https://www.unmc.edu/com/about/gme/housestaffmanual.pdf University of Nebraska Affiliated Hospital House Staff Manual 2018 – 2019]
*[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]

Navigation menu