Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions
No edit summary |
→Additional Information: updated HIPAA Security Rule link 2x |
| (One intermediate revision by one other user not shown) | |||
| Line 35: | Line 35: | ||
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big> | <big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big> | ||
== Basis for Policy == | == Basis for Policy == | ||
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/ | Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls. | ||
==Policy== | ==Policy== | ||
#It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner. | #It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner. | ||
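Review bot: the updated "HIPAA Security Rule" link in the Basis for Policy paragraph now points to a cdc.gov page whose slug names the act as a whole (health-insurance-portability-and-accountability-act-of-1996-hipaa.html), so the label is narrower than the target. Either relabel the link as HIPAA or point it at a page specific to the Security Rule. The surrounding sentence also ties both references only to the access control family, while the policy statement directly below is about retention and destruction/disposal; a clause connecting the basis to media disposal would make the two sections agree.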
| Line 106: | Line 106: | ||
==Definitions== | ==Definitions== | ||
===Affiliated Covered Entity (ACE)=== | ===Affiliated Covered Entity (ACE)=== | ||
Legally separate covered entities that | Legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. | ||
===Business Associate=== | ===Business Associate=== | ||
A third party who performs services on behalf of Nebraska Medicine/UNMC that involve the creation, receipt, maintenance or transmission of PHI. Some examples of such services include claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing. | A third party who performs services on behalf of Nebraska Medicine/UNMC that involve the creation, receipt, maintenance or transmission of PHI in any form, even if PHI is not accessed. Some examples of such services include storage, including cloud storage, claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing. | ||
===Confidential Information=== | ===Confidential Information=== | ||
Protected Health Information and proprietary information, including contracts, business plans and practices, financial information, employee records and meeting minutes. | Protected Health Information and proprietary information, including contracts, business plans and practices, financial information, employee records and meeting minutes. | ||
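Review bot: in the revised Business Associate definition, the examples list "include storage, including cloud storage, claims processing, ..." reads as though claims processing and the items after it are kinds of storage. Suggest "include storage (including cloud storage), claims processing, data analysis, ..." so the new storage example is clearly one item. The added scope "in any form, even if PHI is not accessed" is a substantive change to who counts as a Business Associate and is not mentioned in the edit summary, which describes only the link update; it would be worth recording in the summary of the revision that introduced it.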
| Line 138: | Line 138: | ||
*Contract Management Policy '''(policy number needed)''' | *Contract Management Policy '''(policy number needed)''' | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] | ||
*[https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final NIST Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization] | *[https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final NIST Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||
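Review bot: the Contract Management Policy entry in this list still carries the placeholder "(policy number needed)"; since the reference list is being touched in this revision, fill in the number or link the policy page so the reference can be followed. The "HIPAA Security Rule" entry here has the same label-versus-target mismatch as the one in Basis for Policy and should be changed in the same way so both occurrences stay consistent.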