1,735
edits
Privacy/Confidentiality: Difference between revisions
Jump to navigation
Jump to search
→Additional Information: updated HIPAA Security Rule link
Mhurlocker (talk | contribs) No edit summary |
(→Additional Information: updated HIPAA Security Rule link) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 37: | Line 37: | ||
To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related regulations. For purposes of this policy, confidential information means protected health information and proprietary information. | To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related regulations. For purposes of this policy, confidential information means protected health information and proprietary information. | ||
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/ | Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls. | ||
== Policy == | == Policy == | ||
It is the policy of Nebraska Medicine/UNMC to maintain strict confidentiality and security of protected health information (PHI) and proprietary information. | It is the policy of Nebraska Medicine/UNMC to maintain strict confidentiality and security of protected health information (PHI) and proprietary information. | ||
| Line 62: | Line 62: | ||
##Transferring confidential information in any form without both parties having a need to know such confidential information. | ##Transferring confidential information in any form without both parties having a need to know such confidential information. | ||
#Nebraska Medicine/UNMC shall mitigate or reduce, to the extent practicable, any harmful effects of a use or disclosure of PHI in violation of its policies and procedures that is known to Nebraska Medicine/UNMC. | #Nebraska Medicine/UNMC shall mitigate or reduce, to the extent practicable, any harmful effects of a use or disclosure of PHI in violation of its policies and procedures that is known to Nebraska Medicine/UNMC. | ||
#All employees, the medical staff, allied health practitioners and members of the Workforce with access to confidential information shall sign Nebraska Medicine/UNMC Information Privacy, Confidentiality and Security Agreement or [https://www.unmc.edu/academicaffairs/_documents/compliance/statement_of_understanding. | #All employees, the medical staff, allied health practitioners and members of the Workforce with access to confidential information shall sign Nebraska Medicine/UNMC Information Privacy, Confidentiality and Security Agreement or [https://www.unmc.edu/academicaffairs/_documents/compliance/statement_of_understanding.pdf Statement of Understanding] upon initial employment/work/appointment/credentialing. | ||
#Workforce members who suspect a privacy or information security violation must report it immediately. Such reports may be made to their respective manager and the Privacy and/or Information Security Office. Alternatively, staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 800-822-8310. A full investigation of the suspected violation shall be conducted. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the [https://now.nebraskamed.com/leadership/ System Chief Medical Officer]. | #Workforce members who suspect a privacy or information security violation must report it immediately. Such reports may be made to their respective manager and the Privacy and/or Information Security Office. Alternatively, staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 800-822-8310. A full investigation of the suspected violation shall be conducted. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the [https://now.nebraskamed.com/leadership/ System Chief Medical Officer]. | ||
#Sanctions for violations of privacy or information security may include revocation of medical staff privileges or allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 6302, [[Patient Privacy Investigations and Levels of Violation]]). Civil and criminal fines and penalties can also be levied under HIPAA. | #Sanctions for violations of privacy or information security may include revocation of medical staff privileges or allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 6302, [[Patient Privacy Investigations and Levels of Violation]]). Civil and criminal fines and penalties can also be levied under HIPAA. | ||
| Line 135: | Line 135: | ||
*[https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures] | *[https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures] | ||
*[https://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution] | *[https://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution] | ||
*[https://www.unmc.edu/ | *[https://www.unmc.edu/human-resources/_documents/procedures/Procedures1097.pdf Human Resources Performance Management Procedures] | ||
*[https://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures] | *[https://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures] | ||
*[https://catalog.unmc.edu/general-information/ Student Handbook] | *[https://catalog.unmc.edu/general-information/ Student Handbook] | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA) | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] | ||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.pdf?la=en Board of Regents Bylaws] | *University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.pdf?la=en Board of Regents Bylaws] | ||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies] | *University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies] | ||
| Line 149: | Line 149: | ||
*Executive Memorandum No. 41, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-research-and-data-security.pdf Policy on Research Data and Security] | *Executive Memorandum No. 41, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-research-and-data-security.pdf Policy on Research Data and Security] | ||
*Executive Memorandum No. 42, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-risk-classification-and-minimum-security-standards.pdf Policy on Risk Classification and Minimum Security Standards] | *Executive Memorandum No. 42, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-risk-classification-and-minimum-security-standards.pdf Policy on Risk Classification and Minimum Security Standards] | ||
*[https://www.unmc.edu/com/ | *[https://www.unmc.edu/com/_documents/ho_manual.pdf University of Nebraska Affiliated Hospital House Staff Manual 2023 – 2024] | ||
*[https://guides.unmc.edu/books/research-handbook Research Handbook] | *[https://guides.unmc.edu/books/research-handbook Research Handbook] | ||
*[https://www.unmc.edu/irb/ Institutional Review Board Guidelines] | *[https://www.unmc.edu/irb/ Institutional Review Board Guidelines] | ||