Facility Security: Difference between revisions

From University of Nebraska Medical Center
Jump to navigation Jump to search
No edit summary
mNo edit summary
 
(10 intermediate revisions by 2 users not shown)
Line 20: Line 20:
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
width="20">[[Intellectual Property]]</td>
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</tr>
</table>
</table>
<br />
<br />
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]] | [[Patient Privacy Investigations and Levels of Violation]]<br />
<br /><br />
<br />
Policy No.: '''6067'''<br />
Policy No.: '''6067'''<br />
Effective Date: '''03/17/03'''<br />
Effective Date: '''03/17/03'''<br />
Revised Date: ''' '''<br />  
Revised Date: '''07/14/17 '''<br />  
Reviewed Date:''' '''<br /><br />
Reviewed Date:'''11/12/20 '''<br /><br />
<big>'''Facility Security Policy'''</big>
<big>'''Facility Security Policy'''</big>
NOTE: These guidelines are provided to assist UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Those departments and clinics which fall under the jurisdiction of  The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.<br />
==Basis for Policy ==
==Basis for Policy ==
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.
== Policy ==
== Policy ==
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.  
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays. <br />


Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.  
Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.  
Line 42: Line 42:
*Knowing who should legitimately be in their work area
*Knowing who should legitimately be in their work area
*Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:     
*Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:     
:*Contact Campus Security, Ext. 9-5111 for occurrences on main campus
:*Contact Campus Security, 402-559-5111 for occurrences on main campus
:*Contact 911 for occurrences off main campus   
:*Contact 911 for occurrences off main campus   
*Securing offices and other areas containing PHI or confidential proprietary information when not in use
*Securing offices and other areas containing PHI or confidential proprietary information when not in use
===Securing Campus Buildings After Normal Business Hours===
===Securing Campus Buildings After Normal Business Hours===
*Campus buildings which include, but are not limited to, Clarkson Tower, University Tower, Durham Outpatient Center, University Medical Associates, and UNMC Recycling Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access. A Facility Plan (under construction) has been developed for the University of Nebraska Medical (UNMC) campus to safeguard the premises and buildings (exterior and interior) from unauthorized physical access, tampering, or theft.
*Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access.
*Campus Security will control facility access, including locking, unlocking, and restricting access during designated hours
*Campus Security will control facility access, including locking, unlocking and restricting access during designated hours.
*Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours to assure buildings and departments remain secure
*Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours.
*Campus Security will check any individual found in a secured area after hours to assure they are authorized
*Campus Security will check any individual found in a secured area after hours for proper authorization.
===After Hours Access to Campus Buildings/Departments===
===After Hours Access to Campus Buildings/Departments===
*Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures
*Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with [https://info.unmc.edu/safety/campus-security/campus-security-department/security-policies.html Key Control Procedures].
*If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, [[Secure Area Card Access Control]]
*If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, [[Secure Area Card Access Control]].
===Securing Clinics and Health Care Centers Located Off Main Campus===
===Securing Clinics and Health Care Centers Located Off Main Campus===
*Managers of locations off the main campus are responsible for:       
*Managers of locations off the main campus are responsible for:       
:*Evaluating and performing a risk assessment for their Clinic/Healthcare Center
:*Evaluating and performing a risk assessment for their Clinic/Healthcare Center
:*Working with [http://info.unmc.edu/safety/facilities/ Facilities Management and Planning] and [http://info.unmc.edu/safety/campus-security/ Campus Security] to develop appropriate polices and procedures for securing their work areas       
:*Working with Facilities Management and Planning and Campus Security to develop appropriate policies and procedures for securing their work areas       
:*Training and instructing staff members on how to properly secure patient related information  
:*Training and instructing staff members on how to properly secure patient-related information  
:*Securing buildings after hours
:*Securing buildings after hours
:*Securing Department Areas During Cleaning
:*Securing Department Areas During Cleaning
::* Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
::*Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
::*It is department management responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours
::*It is department management's responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours.
::*If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk
::*If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk.
==Definitions ==
==Definitions ==
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed. <br/>
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed. <br/>
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, [[Privacy/Confidentiality | Privacy, Confidentiality and Information Security]]. <br/>
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, [https://wiki.unmc.edu/index.php/Privacy/Confidentiality Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information]. <br/>
'''Protected Health Information (PHI)''' is individually identifiable health information.  Health information means any information, whether oral or recorded in any medium, that:  
'''Protected Health Information (PHI)'''
*is created or received by UNMC; and
 
*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:  
Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record. <br/>
 
'''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.  
* is created or received by UNMC/ACE; and
* relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
 
PHI includes genetic information, which includes information about:
 
* an Individual’s genetic tests;
* the genetic tests of an Individual’s family members; or
* the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
 
PHI excludes:
 
* individually identifiable health information of a person who has been deceased for more than fifty (50) years.
* education records covered by the Family Educational Rights and Privacy Act (FERPA); and
* employment records held by UNMC in its role as employer.<br /> '''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.  
==Additional Information==
==Additional Information==
*See [http://info.unmc.edu/safety/campus-security/ Campus Security] or contact [mailto:gsvanda@unmc.edu Gary Svanda], Director, Campus Security
*See [https://info.unmc.edu/safety/campus-security/ Campus Security] or contact [mailto:charlotte.evans@unmc.edu Charlotte Evans], Chief of Police, Assistant Vice Chancellor, UNO Department of Public Safety and [mailto:unmcsecoffice@unmc.edu UNMC Security]
*Contact the [mailto:photoid@unmc.edu Photo ID Office] or [mailto:steven.williamson@unmc.edu Steven Williamson], Manager, Identification and Access Control  
*Contact the [mailto:photoid@unmc.edu Photo ID Office] or [mailto:steven.williamson@unmc.edu Steven Williamson], Director, Identification Card and Access Control  
*[http://info.unmc.edu/safety/id-badge/ Photo ID Website]
*[https://info.unmc.edu/safety/id-badge/ Photo ID Website]
*UNMC Policy No. 6008, [[Identification Card]]
*UNMC Policy No. 6008, [[Identification Card]]
*UNMC Policy No. 6009, [[Secure Area Card Access]]
*UNMC Policy No. 6009, [[Secure Area Card Access]]
*UNMC Policy No. 6045, [[Privacy/Confidentiality | Privacy, Confidentiality and Information Security]]
*UNMC Policy No. 6045, [https://wiki.unmc.edu/index.php/Privacy/Confidentiality Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information]
*[https://info.unmc.edu/safety/campus-security/campus-security-department/security-policies.html UNMC Security Policies and Procedures]
 


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].

Latest revision as of 14:33, August 15, 2023

Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property   Faculty


Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training | Patient Privacy Investigations and Levels of Violation

Policy No.: 6067
Effective Date: 03/17/03
Revised Date: 07/14/17
Reviewed Date:11/12/20

Facility Security Policy

Basis for Policy

It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.

Policy

All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.

Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.

Department Personnel Responsibilities

  • Knowing who should legitimately be in their work area
  • Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:
  • Contact Campus Security, 402-559-5111 for occurrences on main campus
  • Contact 911 for occurrences off main campus
  • Securing offices and other areas containing PHI or confidential proprietary information when not in use

Securing Campus Buildings After Normal Business Hours

  • Campus buildings which include, but are not limited to Clarkson Tower, University Tower and Durham Outpatient Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access.
  • Campus Security will control facility access, including locking, unlocking and restricting access during designated hours.
  • Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours.
  • Campus Security will check any individual found in a secured area after hours for proper authorization.

After Hours Access to Campus Buildings/Departments

  • Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures.
  • If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, Secure Area Card Access Control.

Securing Clinics and Health Care Centers Located Off Main Campus

  • Managers of locations off the main campus are responsible for:
  • Evaluating and performing a risk assessment for their Clinic/Healthcare Center
  • Working with Facilities Management and Planning and Campus Security to develop appropriate policies and procedures for securing their work areas
  • Training and instructing staff members on how to properly secure patient-related information
  • Securing buildings after hours
  • Securing Department Areas During Cleaning
  • Department management, in conjunction with Environmental Services (EVS) management, is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
  • It is department management's responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours.
  • If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk.

Definitions

Privacy is defined as the right of individuals to keep information about themselves from being disclosed.
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information.
Protected Health Information (PHI)

Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:

  • is created or received by UNMC/ACE; and
  • relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.

PHI includes genetic information, which includes information about:

  • an Individual’s genetic tests;
  • the genetic tests of an Individual’s family members; or
  • the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).

PHI excludes:

  • individually identifiable health information of a person who has been deceased for more than fifty (50) years.
  • education records covered by the Family Educational Rights and Privacy Act (FERPA); and
  • employment records held by UNMC in its role as employer.
    Workforce refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.

Additional Information


This page maintained by dkp.