Use and Disclosure of Protected Health Information: Difference between revisions

Jump to navigation Jump to search
no edit summary
No edit summary
No edit summary
Line 37: Line 37:
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] outline considerations for the access control family of security controls.
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] outline considerations for the access control family of security controls.
== Policy ==  
== Policy ==  
Nebraska Medicine/UNMC shall limit the use and disclosure of Protected Health Information (PHI) to the right people, for the right purposes, with the right authority, and always subject to reasonable safeguards -- all as defined by the [https://www.cdc.gov/phlp/publications/topic/hipaa.html Health Insurance Portability and Accountability Act of 1996 (HIPAA)]. Health Insurance Portability and Accountability Act of 1996 (HIPAA)] and Nebraska Medicine/UNMC policies.  
Nebraska Medicine/UNMC shall limit the use and disclosure of Protected Health Information (PHI) to the right people, for the right purposes, with the right authority, and always subject to reasonable safeguards -- all as defined by the [https://www.cdc.gov/phlp/publications/topic/hipaa.html Health Insurance Portability and Accountability Act of 1996 (HIPAA)] and Nebraska Medicine/UNMC policies.  
==Purpose==
==Purpose==
To establish guidelines for the use and disclosure of PHI.  
To establish guidelines for the use and disclosure of PHI.  
Line 253: Line 253:
===Designated Record Set (DRS)===
===Designated Record Set (DRS)===
Includes medical records and billing records about Individuals maintained by or for UNMC/ACE and any other record used by an ACE entity to make decisions about Individuals. Exact duplicates of records maintained by business associates are not considered part of the DRS.  
Includes medical records and billing records about Individuals maintained by or for UNMC/ACE and any other record used by an ACE entity to make decisions about Individuals. Exact duplicates of records maintained by business associates are not considered part of the DRS.  
===Health Care Operations ===
===Health Care Operations===
The following activities related to the Organization's functions as a health care provider and sponsor of a self-insured health plan:
The following activities related to the Organization's functions as a health care provider and sponsor of a self-insured health plan:
#Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities, otherwise these activities may be classified as research if PHI is included;
#Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities, otherwise these activities may be classified as research if PHI is included;
Line 271: Line 271:
#Evaluating healthcare provider and plan performance;
#Evaluating healthcare provider and plan performance;
#Resolution of internal grievances; and
#Resolution of internal grievances; and
#Fundraising (see restrictions below).
'''#Fundraising (see restrictions below).'''
===Health Information Exchange (HIE)===
===Health Information Exchange (HIE)===
The electronic movement of health-related information among organizations according to nationally recognized standards. The goal of a HIE is to facilitate health care providers’ access to and retrieval of clinical data to provide safer, timelier, efficient, effective and equitable patient-centered care. Health Information exchange organizations (HIOs) provide the capability to electronically move information between disparate health care information systems.  
The electronic movement of health-related information among organizations according to nationally recognized standards. The goal of a HIE is to facilitate health care providers’ access to and retrieval of clinical data to provide safer, timelier, efficient, effective and equitable patient-centered care. Health Information exchange organizations (HIOs) provide the capability to electronically move information between disparate health care information systems.  

Navigation menu