Third Party Registry: Difference between revisions - University of Nebraska Medical Center

(3 intermediate revisions by 2 users not shown)

Line 35:

<big>'''Third Party Registry Selection Policy'''</big><br /><br />

==Basis for Policy ==

Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/~~publications~~/~~topic~~/hipaa.html~~#security-rule~~ HIPAA Security Rule] outline considerations for the access control family of security controls.

Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls.

==Policy==

The following serve as the guiding principles to follow when selecting a third-party vendor:

Line 44:

##Quality Objective - Quantifiable benefits due to specified quality goals

##Research Objective - Quantifiable benefits due to specified research goals

#Data is ~~efficently~~ collected

#Data is efficiently collected.

##Data quality

###The third-party vendor will provide a quality assurance process to ensure that the collected data is accurate prior to submission.

Line 77:

==Definitions==

===Affiliated Covered Entity (ACE)===

Legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.

Legally separate covered entities that are affiliated and designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.

===Data Elements===

The items collected by a third-party registry.

Line 107:

Line 108:

*[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Procedure]

*[https://wiki.unmc.edu/index.php/Business_Associate_Agreements_and_Addendums_Procedures Business Associate Agreements and Addendums Procedures]

*[https://~~app1~~.unmc.edu/~~forms~~/~~its~~/~~third_party_registry~~.~~cfm~~ Third Party Registry Form]

*[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Form]

*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53]

*[https://www.cdc.gov/phlp/~~publications~~/~~topic~~/hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA)

*[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA)

*[https://www.cdc.gov/phlp/~~publications~~/~~topic~~/hipaa.html~~#security-rule~~ HIPAA Security Rule]

*[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule]

This page maintained by [mailto:dpanowic@unmc.edu dkp].

@@ Line 35: / Line 35: @@
 <big>'''Third Party Registry Selection Policy'''</big><br /><br />
 ==Basis for Policy ==
-Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] outline considerations for the access control family of security controls.
+Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls.
 ==Policy==
 The following serve as the guiding principles to follow when selecting a third-party vendor:
@@ Line 44: / Line 44: @@
 ##Quality Objective - Quantifiable benefits due to specified quality goals
 ##Research Objective - Quantifiable benefits due to specified research goals
-#Data is efficently collected
+#Data is efficiently collected.
 ##Data quality
 ###The third-party vendor will provide a quality assurance process to ensure that the collected data is accurate prior to submission.
@@ Line 77: / Line 77: @@
 ==Definitions==
 ===Affiliated Covered Entity (ACE)===
-Legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.
+Legally separate covered entities that are affiliated and designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.
 ===Data Elements===
 The items collected by a third-party registry.
@@ Line 107: / Line 108: @@
 *[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Procedure]
 *[https://wiki.unmc.edu/index.php/Business_Associate_Agreements_and_Addendums_Procedures Business Associate Agreements and Addendums Procedures]
-*[https://app1.unmc.edu/forms/its/third_party_registry.cfm Third Party Registry Form]
+*[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Form]
 *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53]
-*[https://www.cdc.gov/phlp/publications/topic/hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA)
+*[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA)
-*[https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule]
+*[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule]
 This page maintained by [mailto:dpanowic@unmc.edu dkp].