Use and Disclosure of Protected Health Information: Difference between revisions
Mhurlocker (talk | contribs) mNo edit summary |
Mhurlocker (talk | contribs) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 30: | Line 30: | ||
Policy No.: '''6057'''<br /> | Policy No.: '''6057'''<br /> | ||
Effective Date: '''03/17/03'''<br /> | Effective Date: '''03/17/03'''<br /> | ||
Revised Date: ''' | Revised Date: '''03/28/24'''<br /> | ||
Reviewed Date: ''' '''<br /> | Reviewed Date: ''' 04/22/24'''<br /> | ||
<big>'''Use and Disclosure of Protected Health Information Policy'''</big> | <big>'''Use and Disclosure of Protected Health Information Policy'''</big> | ||
== Basis for Policy == | == Basis for Policy == | ||
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/ | Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls. | ||
== Policy == | == Policy == | ||
Nebraska Medicine/UNMC shall limit the use and disclosure of Protected Health Information (PHI) to the right people, for the right purposes, with the right authority, and always subject to reasonable safeguards -- all as defined by the [https://www.cdc.gov/phlp/ | Nebraska Medicine/UNMC shall limit the use and disclosure of Protected Health Information (PHI) to the right people, for the right purposes, with the right authority, and always subject to reasonable safeguards -- all as defined by the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html Health Insurance Portability and Accountability Act of 1996 (HIPAA)] and Nebraska Medicine/UNMC policies. | ||
==Purpose== | ==Purpose== | ||
To establish guidelines for the use and disclosure of PHI. | To establish guidelines for the use and disclosure of PHI. | ||
| Line 160: | Line 162: | ||
##Documentation of the death of such Individuals; and | ##Documentation of the death of such Individuals; and | ||
##A representation that the requested PHI is necessary for the research purposes. | ##A representation that the requested PHI is necessary for the research purposes. | ||
#Review of PHI Preparatory to Research. Nebraska Medicine/UNMC staff and students who wish to review PHI to prepare a research proposal must submit a [https://unmcredcap.unmc.edu/redcap/surveys/?s=NMPNWMEA7W Electronic Health Data Request] Form to the [https://www.unmc.edu/ | #Review of PHI Preparatory to Research. Nebraska Medicine/UNMC staff and students who wish to review PHI to prepare a research proposal must submit a [https://unmcredcap.unmc.edu/redcap/surveys/?s=NMPNWMEA7W Electronic Health Data Request] Form to the [https://www.unmc.edu/research-resources/resources/cores/readi-core/index.html Electronic Health Record Data Access Core] to obtain access to such PHI. | ||
#Access to PHI for reviews preparatory to research requires that the researcher provide the following representations in advance of such disclosure and use: | #Access to PHI for reviews preparatory to research requires that the researcher provide the following representations in advance of such disclosure and use: | ||
##that the use or disclosure is sought solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research; | ##that the use or disclosure is sought solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research; | ||
| Line 331: | Line 333: | ||
*[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf University of Nebraska Executive Memorandum No. 27] | *[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf University of Nebraska Executive Memorandum No. 27] | ||
*[http://nehii.org/index.php?option=com_docman&Itemid=59 NeHII Privacy and Information Security Policies and Procedures] | *[http://nehii.org/index.php?option=com_docman&Itemid=59 NeHII Privacy and Information Security Policies and Procedures] | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html Health Insurance Portability and Accountability Act of 1996 (HIPAA)] | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] | ||
This page is maintained by [mailto:mhurlocker@unmc.edu mh]. | This page is maintained by [mailto:mhurlocker@unmc.edu mh]. | ||