1,735
edits
Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions
Jump to navigation
Jump to search
Retention and Destruction/Disposal of Private and Confidential Information (view source)
Revision as of 14:05, September 29, 2025
, September 29→Additional Information: updated HIPAA Security Rule link 2x
Mhurlocker (talk | contribs) |
(→Additional Information: updated HIPAA Security Rule link 2x) |
||
| Line 35: | Line 35: | ||
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big> | <big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big> | ||
== Basis for Policy == | == Basis for Policy == | ||
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/ | Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access. [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] outline considerations for the access control family of security controls. | ||
==Policy== | ==Policy== | ||
#It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner. | #It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner. | ||
| Line 138: | Line 138: | ||
*Contract Management Policy '''(policy number needed)''' | *Contract Management Policy '''(policy number needed)''' | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | ||
*[https://www.cdc.gov/phlp/ | *[https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html HIPAA Security Rule] | ||
*[https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final NIST Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization] | *[https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final NIST Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||