Use and Disclosure of Protected Health Information: Difference between revisions
No edit summary |
No edit summary |
||
Line 27: | Line 27: | ||
POLICY NO: '''6057'''<br /> | POLICY NO: '''6057'''<br /> | ||
EFFECTIVE DATE: '''03/17/03'''<br /> | EFFECTIVE DATE: '''03/17/03'''<br /> | ||
REVISED DATES: '''02/04/2010''', '''05/29/2013'''<br /> | |||
LAST REVIEWED DATE: '''05/29/2013'''<br /> | |||
== Basis for Policy == | |||
To establish guidelines for the use and disclousre of protected health information (PHI) in accordance with HIPAA. (45 CFR 164.502)<br /> | |||
<br /> | |||
== | == Policy == | ||
The University of Nebraska Medical Center (UNMC) shall use and disclose protected health information (PHI) in accordance with HEalth Insurance Portability and Accountability Act of 1996 (HIPAA) requirements and Executive Memorandum No. 27.<br /> | |||
<br /> | |||
== Definitions == | |||
<br /> | <br /> | ||
'''Treatment''' means the provision, coordination of management of healthcare and related services by one or more healthcare providers, including the coordination or management of healthcare by a healthcare provider with a third party; consultation between healthcare providers relating to a patient; or the referral of a patient for healthcare from one healthcare provider to another. | |||
'''Payment''' means activities undertaken by a healthcare provider or health plan to obtain reimbursement for the provision of healthcare. Activities include determinations of insurance coverage, premiums, provision of benefits under a health plan, adjudication of health benefit claims, billing, collection activities, claims management, medical data processing, medical necessity determinations, utilization review activities including pre-certification and pre-authorization, disclosure to consumer reporting agencies related to collection of premiums or reimbursement, and healthcare data processing related to the above listed activities | |||
'''Healthcare operations''' means the following activities related to UNMC’s function as an affiliated healthcare provider and sponsor of a self-insured health plan: | |||
:#Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; otherwise these activities may be classified as research if PHI is included | |||
:#Population-based activities relating to improving health or reducing health care costs | |||
:#Protocol development | |||
:#Contacting of health care providers and patients with information about treatment alternatives | |||
:#Case management and care coordination | |||
:#Risk assessment | |||
:#Reviewing the competence or qualifications and accrediting/licensing of healthcare providers and plans | |||
:#Training future healthcare professionals (students and residents) | |||
:#Conducting or arranging for legal services | |||
:#Business planning and development | |||
:#Business management activities | |||
:#General administrative and business functions | |||
:#Conducting or arranging for medical review and auditing services | |||
:#Insurance activities relating to the renewal of a contract of insurance | |||
:#Evaluating healthcare provider and plan performance | |||
:#Resolution of internal grievances | |||
:#Fundraising | |||
'''Protected Health Information (PHI)''' is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that | |||
: | :#Is created or received by ACE; and | ||
: | :#Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual. | ||
Protected Health Information includes genetic information containing individual identifiers which are defined as: | |||
:#Information about an individual's gentic tests; or | |||
:#The genetic tests of family members of the individual; or | |||
:#The manifestation of a disease or disorder in family members of such individual (i.e., family medical history) | |||
Protected health information excludes individually identifiable health information of a person who has been deceased for more than fifty (50) years. | |||
Protected health information excludes education records covered by the Family Educational Rights and Privacy Act (FERPA), and employment records held by UNMC in its role as employer. | |||
''' | '''Affiliated Covered Entity (ACE)''' means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA. | ||
'''Individual''' means the person who is the subject of the protected health information. Personal representatives of the individual have the same rights as the individuals under HIPAA. Personal representatives include the legal guardian and anyone else authorized by law to act on behalf of the individual. | |||
'''Marketing''' means to make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. See Use and Disclosure of PHI for Marketing | |||
''' | '''Research''' means a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalized knowledge. Generalized knowledge is knowledge that can be applied to populations outside the population service by the ACE. See Use and Disclosure of PHI for Research | ||
'''Sale of Protected Health Information''' means disclosure of protected health information by a covered entity or business associate, if applicable, where the covered entity or business associate directly or indirectly receives remuneration from or on behalf of the recipient of the protected health information in exchange for the protected health information. See Sale of Protected Health Information | |||
== Procedures == | |||
<br /> | |||
This page updated on Monday, February 16, 2004, by dkp. | This page updated on Monday, February 16, 2004, by dkp. |
Revision as of 07:49, June 24, 2013
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Confidential Information | Protected Health Information (PHI) | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information
POLICY NO: 6057
EFFECTIVE DATE: 03/17/03
REVISED DATES: 02/04/2010, 05/29/2013
LAST REVIEWED DATE: 05/29/2013
Basis for Policy
To establish guidelines for the use and disclousre of protected health information (PHI) in accordance with HIPAA. (45 CFR 164.502)
Policy
The University of Nebraska Medical Center (UNMC) shall use and disclose protected health information (PHI) in accordance with HEalth Insurance Portability and Accountability Act of 1996 (HIPAA) requirements and Executive Memorandum No. 27.
Definitions
Treatment means the provision, coordination of management of healthcare and related services by one or more healthcare providers, including the coordination or management of healthcare by a healthcare provider with a third party; consultation between healthcare providers relating to a patient; or the referral of a patient for healthcare from one healthcare provider to another.
Payment means activities undertaken by a healthcare provider or health plan to obtain reimbursement for the provision of healthcare. Activities include determinations of insurance coverage, premiums, provision of benefits under a health plan, adjudication of health benefit claims, billing, collection activities, claims management, medical data processing, medical necessity determinations, utilization review activities including pre-certification and pre-authorization, disclosure to consumer reporting agencies related to collection of premiums or reimbursement, and healthcare data processing related to the above listed activities
Healthcare operations means the following activities related to UNMC’s function as an affiliated healthcare provider and sponsor of a self-insured health plan:
- Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; otherwise these activities may be classified as research if PHI is included
- Population-based activities relating to improving health or reducing health care costs
- Protocol development
- Contacting of health care providers and patients with information about treatment alternatives
- Case management and care coordination
- Risk assessment
- Reviewing the competence or qualifications and accrediting/licensing of healthcare providers and plans
- Training future healthcare professionals (students and residents)
- Conducting or arranging for legal services
- Business planning and development
- Business management activities
- General administrative and business functions
- Conducting or arranging for medical review and auditing services
- Insurance activities relating to the renewal of a contract of insurance
- Evaluating healthcare provider and plan performance
- Resolution of internal grievances
- Fundraising
Protected Health Information (PHI) is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that
- Is created or received by ACE; and
- Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
Protected Health Information includes genetic information containing individual identifiers which are defined as:
- Information about an individual's gentic tests; or
- The genetic tests of family members of the individual; or
- The manifestation of a disease or disorder in family members of such individual (i.e., family medical history)
Protected health information excludes individually identifiable health information of a person who has been deceased for more than fifty (50) years.
Protected health information excludes education records covered by the Family Educational Rights and Privacy Act (FERPA), and employment records held by UNMC in its role as employer.
Affiliated Covered Entity (ACE) means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA.
Individual means the person who is the subject of the protected health information. Personal representatives of the individual have the same rights as the individuals under HIPAA. Personal representatives include the legal guardian and anyone else authorized by law to act on behalf of the individual.
Marketing means to make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. See Use and Disclosure of PHI for Marketing
Research means a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalized knowledge. Generalized knowledge is knowledge that can be applied to populations outside the population service by the ACE. See Use and Disclosure of PHI for Research
Sale of Protected Health Information means disclosure of protected health information by a covered entity or business associate, if applicable, where the covered entity or business associate directly or indirectly receives remuneration from or on behalf of the recipient of the protected health information in exchange for the protected health information. See Sale of Protected Health Information
Procedures
This page updated on Monday, February 16, 2004, by dkp.