2,654
edits
Patient Privacy Investigations and Levels of Violation: Difference between revisions
Jump to navigation
Jump to search
Patient Privacy Investigations and Levels of Violation (view source)
Revision as of 09:01, October 13, 2020
, October 13, 2020no edit summary
mNo edit summary |
No edit summary |
||
| Line 59: | Line 59: | ||
'''Workforce''' means ACE member employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the ACE member, is under the direct control of the ACE member, whether or not they are paid by the ACE member. | '''Workforce''' means ACE member employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the ACE member, is under the direct control of the ACE member, whether or not they are paid by the ACE member. | ||
==Procedures== | ==Procedures== | ||
#Suspected patient privacy incidents shall be reported to the Privacy Office immediately for further investigation. | #Suspected patient privacy incidents shall be reported to the [mailto:Privacy@NebraskaMed.com Privacy Office] immediately for further investigation. | ||
##Workforce Members and Business Associates must immediately notify the Privacy Office of any suspected impermissible use or disclosure of PHI of which they are aware. The Privacy Office will investigate all reports to determine if the incident violates UNMC privacy and/or information security policies, HIPAA, or any other related federal or state privacy law or regulation. | ##Workforce Members and Business Associates must immediately notify the Privacy Office of any suspected impermissible use or disclosure of PHI of which they are aware. The Privacy Office will investigate all reports to determine if the incident violates UNMC privacy and/or information security policies, HIPAA, or any other related federal or state privacy law or regulation. | ||
##Individuals who desire to remain anonymous may report the violation or suspected violation through the Compliance Hotline at | ##Individuals who desire to remain anonymous may report the violation or suspected violation through the UNMC Compliance Hotline number at 844-348-9584. | ||
#For patient privacy investigations involving UNMC Workforce Members, the Privacy Office will work with UNMC Human Resources (Employee Relations). | #For patient privacy investigations involving UNMC Workforce Members, the Privacy Office will work with UNMC Human Resources (Employee Relations). | ||
##Privacy Office identifies or is notified of a potential privacy violation | ##Privacy Office identifies or is notified of a potential privacy violation. | ||
##Privacy Office will contact Employee Relations regarding violation | ##Privacy Office will contact Employee Relations regarding violation. | ||
##Privacy Office will lead the investigation | ##Privacy Office will lead the investigation. | ||
###Privacy Office will initiate contact with operational leadership (department managers) and other stakeholders | ###Privacy Office will initiate contact with operational leadership (department managers) and other stakeholders. | ||
###Employee Relations will coordinate interviews with employees | ###Employee Relations will coordinate interviews with employees. | ||
###Privacy Office participates in the interview process | ###Privacy Office participates in the interview process. | ||
##Privacy Office will discuss outcome of investigation with Employee Relations for input on Level of Breach | ##Privacy Office will discuss outcome of investigation with Employee Relations for input on Level of Breach. | ||
##Employee Relations will work with manager to determine next steps | ##Employee Relations will work with manager to determine next steps. | ||
##Employee Relations will notify the Privacy Office in writing of the final outcome including any corrective or disciplinary action | ##Employee Relations will notify the Privacy Office in writing of the final outcome including any corrective or disciplinary action. | ||
###Privacy violation documentation must be available for internal and external oversight and regulatory responses for a minimum of six (6) years | ###Privacy violation documentation must be available for internal and external oversight and regulatory responses for a minimum of six (6) years. | ||
#For patient privacy investigations involving dually employed, or solely employed members of the medical staff or community/private practice members of the medical staff, the Privacy Office will work with the Chief Medical Officer (CMO), Nebraska Medicine Medical Staff leadership, Legal Services, Chief of Staff and/or Clinical Chair as appropriate on proper course of action for investigation and outcome. | #For patient privacy investigations involving dually employed (UNMC/Nebraska Medicine), or solely employed members of the medical staff or community/private practice members of the medical staff, the Privacy Office will work with the Chief Medical Officer (CMO), Nebraska Medicine Medical Staff leadership, Legal Services, Chief of Staff and/or Clinical Chair as appropriate on proper course of action for investigation and outcome. | ||
##Privacy identifies or is notified of a potential privacy violation | ##Privacy identifies or is notified of a potential privacy violation. | ||
##Privacy contacts Chief Medical Officer regarding violation to initiate investigation | ##Privacy contacts Chief Medical Officer regarding violation to initiate investigation. | ||
###Privacy Office works with CMO on coordinating interviews with stakeholders, witnesses, and other key workforce members | ###Privacy Office works with CMO on coordinating interviews with stakeholders, witnesses, and other key workforce members. | ||
###Privacy Office and/or Legal Services will participate in the interview process | ###Privacy Office and/or Legal Services will participate in the interview process. | ||
##CMO discusses outcome of investigation with Privacy Office for input on Level of Breach | ##CMO discusses outcome of investigation with Privacy Office for input on Level of Breach. | ||
##CMO determines outcome and contacts Privacy Office, Nebraska Medicine and UNMC leadership as applicable to advise on next steps | ##CMO determines outcome and contacts Privacy Office, Nebraska Medicine and UNMC leadership as applicable to advise on next steps. | ||
##CMO will notify the Privacy Office in writing of the final outcome | ##CMO will notify the Privacy Office in writing of the final outcome. | ||
###Such documentation must be available for internal and external oversight and regulatory responses for a minimum of six (6) years, and the corrective action will be communicated to the Privacy Office. | ###Such documentation must be available for internal and external oversight and regulatory responses for a minimum of six (6) years, and the corrective action will be communicated to the Privacy Office. | ||
#Privacy Office will be responsible for any required notification as a result of a breach of patient privacy. | #Privacy Office will be responsible for any required notification as a result of a breach of patient privacy. | ||