2,654
edits
No edit summary |
No edit summary |
||
Line 31: | Line 31: | ||
* [http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan | * [http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan | ||
* [http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan | * [http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan | ||
* [http://www. | * [http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)] | ||
* [http://www. | * [http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA)[12 CFR §225.28] | ||
==Policy== | ==Policy== | ||
=== Written Agreements Required === | === Written Agreements Required === | ||
Line 61: | Line 61: | ||
<br /> | <br /> | ||
<br /> | <br /> | ||
The | The Business Associate Addendum describes the permitted uses of the PHI and the business associate’s responsibilities regarding it. If a business associate relationship exists with no written contract, a Business Associate Agreement must be signed. | ||
====Use of Protected Student Financial Information (PSFI) by an Outside Entity==== | ====Use of Protected Student Financial Information (PSFI) by an Outside Entity==== | ||
When a person or entity outside UNMC, The Nebraska Medical Center, UDA, and UNMC-P performs a function or activity on behalf of UNMC that involves protected student financial information (PSFI), a [ | When a person or entity outside UNMC, The Nebraska Medical Center, UDA, and UNMC-P performs a function or activity on behalf of UNMC that involves protected student financial information (PSFI), a [http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA) Addendum must be added to the contract for GLBA compliance. | ||
<br /> | <br /> | ||
<br /> | <br /> | ||
The GLBA addendum describes the permitted uses of the PSFI and the service provider’s responsibilities regarding it. If a service provider relationship exists with no written contract, a GLBA agreement must be signed. | The GLBA addendum describes the permitted uses of the PSFI and the service provider’s responsibilities regarding it. If a service provider relationship exists with no written contract, a GLBA agreement must be signed. | ||
====Use of UNMC Information Systems==== | ====Use of UNMC Information Systems==== | ||
When a person or entity outside UNMC, The Nebraska Medical Center, UDA and UNMC-P (“service provider”) requires electronic access to UNMC private network resources, and is not a business associate, the service provider shall sign a | When a person or entity outside UNMC, The Nebraska Medical Center, UDA and UNMC-P (“service provider”) requires electronic access to UNMC private network resources, and is not a business associate, the service provider shall sign a Business Partner Agreement or Addendum. | ||
<br /> | <br /> | ||
<br /> | <br /> | ||
Academic Affiliation agreements are required for all organizations accepting UNMC students and for all students who come to UNMC from other educational institutions for clinical experience. The academic affiliation template shall be used. Any modifications to the academic affiliation template must be approved by the Office of the Vice Chancellor for Academic Affairs. A fully executed original copy of the agreement is kept on file in the Office of the Vice Chancellor for Academic Affairs. | |||
== Definitions == | == Definitions == | ||
'''Business Associate''' is defined as a person or entity outside UNMC, The Nebraska Medical Center, University Dental Associates (UDA), and UNMC Physicians (UNMC-P) (the affiliated covered entity) that performs a function or activity on behalf of UNMC that involves the use or disclosure of protected health information (PHI). Health care providers providing treatment are exempt from the business associate requirements. | '''Business Associate''' is defined as a person or entity outside UNMC, The Nebraska Medical Center, University Dental Associates (UDA), and UNMC Physicians (UNMC-P) (the affiliated covered entity) that performs a function or activity on behalf of UNMC that involves the use or disclosure of protected health information (PHI). Health care providers providing treatment are exempt from the business associate requirements. | ||
Line 85: | Line 85: | ||
'''Protected Student Financial Information (PSFI)''' is information that UNMC has obtained from a student in the process of offering a financial product or service, or such information provided to UNMC by another financial institution. Offering a financial product or service includes offering student loans to students, receiving tax information from a student’s parent when offering a financial aid package and other financial services. Examples of student financial information include addresses, phone numbers, bank and credit account numbers, income and credit histories, and social security numbers in both paper and electronic format. | '''Protected Student Financial Information (PSFI)''' is information that UNMC has obtained from a student in the process of offering a financial product or service, or such information provided to UNMC by another financial institution. Offering a financial product or service includes offering student loans to students, receiving tax information from a student’s parent when offering a financial aid package and other financial services. Examples of student financial information include addresses, phone numbers, bank and credit account numbers, income and credit histories, and social security numbers in both paper and electronic format. | ||
==Additional Information== | ==Additional Information== | ||
*For additional information, please contact the [mailto:swrobel@unmc.edu Compliance Officer] or the [mailto:kswartsl@unmc.edu Director, Business Services] | *For additional information, please contact the [mailto:swrobel@unmc.edu Compliance Officer] or the [mailto:kswartsl@unmc.edu Director, Business Services] | ||
*[http://wiki.unmc.edu/images/f/f4/ContractSignature.pdf Contract Signature Authority Table] | *See [[Business Associate Agreements and Addendums Procedures]]. | ||
*[http:// | *[http://www.nebraska.edu/board/bylaws2006.pdf Section 6.4 of the Bylaws of the Board of Regents] (BOR) of the University of Nebraska Board of Regents Policy on Administrative Approval of University Contracts ([http://www.nebraska.edu/docs/board/RegentPolicies.pdf RP – 6.3.1]) | ||
*[http:// | *University of Nebraska [http://www.nebraska.edu/docs/president/13%20Delegation%20to%20Approve%20Academic-Admin%20Personnel%20Actions.pdf Executive Memorandum 13], Delegation of Administrative Authority to Approve Academic-Administrative Personnel Actions | ||
*[http://www.nebraska.edu/docs/president/14%20Authority%20to%20Approve%20Contracts.pdf University of Nebraska Executive Memorandum 14], Delegation of Administrative Authority to Approve Certain Types of University Contracts, and Requirements for Submittal and Execution of Contracts Requiring Approval by the Board of Regents | |||
*[http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan | |||
*[http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan | |||
*[http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)] | |||
*[http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA) 12 CFR §225.28] | |||
*[http://wiki.unmc.edu/images/f/f4/ContractSignature.pdf Contract Signature Authority Table] | |||
*[http://www.irs.ustreas.gov/pub/irs-pdf/p1779.pdf IRS Publications 1779] and [http://www.irs.gov/pub/irs-pdf/p15a.pdf 15-A]. | |||
*[http://webmedia.unmc.edu/policy/8009IndepContTempl.doc Independent Contractor Agreement Template] | |||
*UNMC Sapphire for Business Partner and Business Associate Agreements and Addendums | |||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |