Facility Security: Difference between revisions
(add Faculty tab) |
Mhurlocker (talk | contribs) mNo edit summary |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 26: | Line 26: | ||
</table> | </table> | ||
<br /> | <br /> | ||
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]] | [[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]] | [[Patient Privacy Investigations and Levels of Violation]]<br /> | ||
<br /><br /> | <br /> | ||
Policy No.: '''6067'''<br /> | Policy No.: '''6067'''<br /> | ||
Effective Date: '''03/17/03'''<br /> | Effective Date: '''03/17/03'''<br /> | ||
Revised Date: '''07/14/17 '''<br /> | Revised Date: '''07/14/17 '''<br /> | ||
Reviewed Date:''' | Reviewed Date:'''11/12/20 '''<br /><br /> | ||
<big>'''Facility Security Policy'''</big> | <big>'''Facility Security Policy'''</big> | ||
==Basis for Policy == | ==Basis for Policy == | ||
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes. | It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes. | ||
== Policy == | == Policy == | ||
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays. | All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays. <br /> | ||
Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms. | Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms. | ||
Line 42: | Line 42: | ||
*Knowing who should legitimately be in their work area | *Knowing who should legitimately be in their work area | ||
*Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner: | *Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner: | ||
:*Contact Campus Security, | :*Contact Campus Security, 402-559-5111 for occurrences on main campus | ||
:*Contact 911 for occurrences off main campus | :*Contact 911 for occurrences off main campus | ||
*Securing offices and other areas containing PHI or confidential proprietary information when not in use | *Securing offices and other areas containing PHI or confidential proprietary information when not in use | ||
===Securing Campus Buildings After Normal Business Hours=== | ===Securing Campus Buildings After Normal Business Hours=== | ||
*Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access. | *Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access. | ||
*Campus Security will control facility access, including locking, unlocking | *Campus Security will control facility access, including locking, unlocking and restricting access during designated hours. | ||
*Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours. | *Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours. | ||
*Campus Security will check any individual found in a secured area after hours for proper authorization. | *Campus Security will check any individual found in a secured area after hours for proper authorization. | ||
Line 56: | Line 56: | ||
*Managers of locations off the main campus are responsible for: | *Managers of locations off the main campus are responsible for: | ||
:*Evaluating and performing a risk assessment for their Clinic/Healthcare Center | :*Evaluating and performing a risk assessment for their Clinic/Healthcare Center | ||
:*Working with Facilities Management and Planning and Campus Security to develop appropriate | :*Working with Facilities Management and Planning and Campus Security to develop appropriate policies and procedures for securing their work areas | ||
:*Training and instructing staff members on how to properly secure patient related information | :*Training and instructing staff members on how to properly secure patient-related information | ||
:*Securing buildings after hours | :*Securing buildings after hours | ||
:*Securing Department Areas During Cleaning | :*Securing Department Areas During Cleaning | ||
::*Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place | ::*Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place | ||
::*It is department management responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours. | ::*It is department management's responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours. | ||
::*If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk. | ::*If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk. | ||
==Definitions == | ==Definitions == | ||
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed. <br/> | '''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed. <br/> | ||
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, [ | '''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, [https://wiki.unmc.edu/index.php/Privacy/Confidentiality Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information]. <br/> | ||
'''Protected Health Information (PHI)''' | '''Protected Health Information (PHI)''' | ||
*is created or received by UNMC; and | |||
*relates to the past, present | Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that: | ||
'''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC. | * is created or received by UNMC/ACE; and | ||
* relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual. | |||
PHI includes genetic information, which includes information about: | |||
* an Individual’s genetic tests; | |||
* the genetic tests of an Individual’s family members; or | |||
* the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history). | |||
PHI excludes: | |||
* individually identifiable health information of a person who has been deceased for more than fifty (50) years. | |||
* education records covered by the Family Educational Rights and Privacy Act (FERPA); and | |||
* employment records held by UNMC in its role as employer.<br /> '''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC. | |||
==Additional Information== | ==Additional Information== | ||
*See [ | *See [https://info.unmc.edu/safety/campus-security/ Campus Security] or contact [mailto:charlotte.evans@unmc.edu Charlotte Evans], Chief of Police, Assistant Vice Chancellor, UNO Department of Public Safety and [mailto:unmcsecoffice@unmc.edu UNMC Security] | ||
*Contact the [mailto:photoid@unmc.edu Photo ID Office] or [mailto:steven.williamson@unmc.edu Steven Williamson], | *Contact the [mailto:photoid@unmc.edu Photo ID Office] or [mailto:steven.williamson@unmc.edu Steven Williamson], Director, Identification Card and Access Control | ||
*[ | *[https://info.unmc.edu/safety/id-badge/ Photo ID Website] | ||
*UNMC Policy No. 6008, [[Identification Card]] | *UNMC Policy No. 6008, [[Identification Card]] | ||
*UNMC Policy No. 6009, [[Secure Area Card Access]] | *UNMC Policy No. 6009, [[Secure Area Card Access]] | ||
*UNMC Policy No. 6045, [ | *UNMC Policy No. 6045, [https://wiki.unmc.edu/index.php/Privacy/Confidentiality Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information] | ||
*[https://info.unmc.edu/safety/campus-security/campus-security-department/security-policies.html UNMC Security Policies and Procedures] | *[https://info.unmc.edu/safety/campus-security/campus-security-department/security-policies.html UNMC Security Policies and Procedures] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |
Latest revision as of 13:33, August 15, 2023
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property | Faculty |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training | Patient Privacy Investigations and Levels of Violation
Policy No.: 6067
Effective Date: 03/17/03
Revised Date: 07/14/17
Reviewed Date:11/12/20
Facility Security Policy
Basis for Policy
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.
Policy
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.
Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.
Department Personnel Responsibilities
- Knowing who should legitimately be in their work area
- Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:
- Contact Campus Security, 402-559-5111 for occurrences on main campus
- Contact 911 for occurrences off main campus
- Securing offices and other areas containing PHI or confidential proprietary information when not in use
Securing Campus Buildings After Normal Business Hours
- Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access.
- Campus Security will control facility access, including locking, unlocking and restricting access during designated hours.
- Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours.
- Campus Security will check any individual found in a secured area after hours for proper authorization.
After Hours Access to Campus Buildings/Departments
- Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures.
- If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, Secure Area Card Access Control.
Securing Clinics and Health Care Centers Located Off Main Campus
- Managers of locations off the main campus are responsible for:
- Evaluating and performing a risk assessment for their Clinic/Healthcare Center
- Working with Facilities Management and Planning and Campus Security to develop appropriate policies and procedures for securing their work areas
- Training and instructing staff members on how to properly secure patient-related information
- Securing buildings after hours
- Securing Department Areas During Cleaning
- Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
- It is department management's responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours.
- If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk.
Definitions
Privacy is defined as the right of individuals to keep information about themselves from being disclosed.
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information.
Protected Health Information (PHI)
Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:
- is created or received by UNMC/ACE; and
- relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
PHI includes genetic information, which includes information about:
- an Individual’s genetic tests;
- the genetic tests of an Individual’s family members; or
- the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
PHI excludes:
- individually identifiable health information of a person who has been deceased for more than fifty (50) years.
- education records covered by the Family Educational Rights and Privacy Act (FERPA); and
- employment records held by UNMC in its role as employer.
Workforce refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.
Additional Information
- See Campus Security or contact Charlotte Evans, Chief of Police, Assistant Vice Chancellor, UNO Department of Public Safety and UNMC Security
- Contact the Photo ID Office or Steven Williamson, Director, Identification Card and Access Control
- Photo ID Website
- UNMC Policy No. 6008, Identification Card
- UNMC Policy No. 6009, Secure Area Card Access
- UNMC Policy No. 6045, Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information
- UNMC Security Policies and Procedures
This page maintained by dkp.