Policy No.: '''6045'''<br />
Effective Date: '''11/21/03'''<br />
Revised Date: '''
DRAFT'''<br />Reviewed Date: ''' DRAFT'''<br />
<big>'''Privacy, Confidentiality and
Information Security Policy'''</big><br /><br />
== Basis for Policy ==
To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). UNMC workforce and business associates have access to individually identifiable health information (protected health information) and proprietary information. For purposes of this policy, confidential information means protected health information and proprietary information.
It is the policy of UNMC to maintain strict confidentiality and security of protected health information and proprietary information.
== Definitions (as defined by HIPAA 45 CFR 164.501) ==
*'''Affiliated Covered Entity (ACE)''' means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA.
*'''Business Associate''' means a third party who performs services on behalf of UNMC and has access to protected health information (PHI) when performing services; or provides one of the following services for UNMC involving access to PHI: claims processing, data analysis, data processing, practice management, utilization review, quality assurance, billing, benefit management, and repricing.
*'''Designated Record Set''' is the medical record and billing record.
*'''Individual''' means the person who is the subject of the protected health information (including
UNMC employees who are patients).
*'''Information Security''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
*'''Protected Health Information (PHI)''' is individually identifiable health information. Health information means any information, whether oral or recorded in any medium that:
:*is created or received by
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
*'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; and meeting minutes.
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
* Contact the Privacy or [mailto:email@example.com Information Security] Officers * [https://www.unmc.edu/spa/ Privacy, Confidentiality and Information Security Procedures]* [https://wiki.unmc.edu/index.php/Job_Shadowing_Procedure Job Shadowing Procedures]* [https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]* [http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]* [http://www.unmc.edu/media/compliance/privacy_incident_response_and_breach_notification_procedures.pdf Privacy Incident Response and Breach Notification Procedures]* [https://nebraska.edu/site-information.html?redirect=true Copyright and Disclaimer]* [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures]* [http://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution]* [http://www.unmc.edu/hr/Proc/Procedures1097.pdf Human Resources Performance Management Procedures]* [http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures]* [http://www.unmc.edu/studentservices/_documents/handbook.pdf UNMC Student Handbook: Academic Policies]* [http://www.unmc.edu/hipaa Health Insurance Portability and Accountability Act of 1996] (HIPAA)* [http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA)* [http://www.ed.gov/offices/OM/fpco/ferpa/index.html Family Educational Rights and Privacy Act] (FERPA)* Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470)* Nebraska Rev. Statutes § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09* [http://www.nebraska.edu/bylaws-and-policies.html Board of Regents Bylaws and Policies]* [http://www.nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Executive Memorandum No. 16, Responsible Use of Information Resources, Technology and Networks]* [https://nebraska.edu/docs/president/22%20Public%20Record%20Requests.pdf Executive Memorandum No. 22, Public Record Requests]* [https://nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf Executive Memorandum No. 26, Information Security Plan]* [https://nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf Executive Memorandum No. 27, HIPAA Compliance Policy]* [http://wiki.unmc.edu/index.php?title=Compliance_Program UNMC Policy No. 8000, Compliance Program]* [http://wiki.unmc.edu/index.php?title=Privacy/Information_Security UNMC Privacy and Information Security Policies]* [http://wiki.unmc.edu/index.php?title=Reproducing_Copyrighted_Materials UNMC Policy No. 6036, Reproduction of Copyrighted Materials Policy]* [http://wiki.unmc.edu/index.php?title=Student_Training_Agreement UNMC Policy No. 6052, Contract or Agreement for Student Training Policy]* [http://wiki.unmc.edu/index.php?title=Human_Resources_-_Procedures UNMC Human Resources Procedures]* [http://www.unmc.edu/com/about/gme/gme-housestaff.pdf University of Nebraska Residency Program Policies and Procedures]* [https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]* [http://www.unmc.edu/irb/ Institutional Review Board Guidelines]* [https://info.unmc.edu/its-security/policies/procedures/index.html Information Technology Services Procedures]
This page maintained by [mailto:firstname.lastname@example.org dkp].