Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions
No edit summary |
mNo edit summary |
||
Line 72: | Line 72: | ||
*Contact the [mailto:infosecurity@unmc.edu Information Security Office] | *Contact the [mailto:infosecurity@unmc.edu Information Security Office] | ||
*Procedure No. 6056, [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information] | *Procedure No. 6056, [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information] | ||
*[http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule] | |||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |
Revision as of 12:53, August 9, 2017
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training
Policy No.: 6056
Effective Date: 03/17/03
Revised Date: 05/22/17
Reviewed Date: 05/22/17
Retention and Destruction/Disposal of Private and Confidential Information Policy
Basis for Policy
Retention and subsequent destruction/disposal of proprietary and protected health information are governed by federal and state regulations and University policies and procedures. These regulations and guidelines include, but may not be limited to:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Executive Memorandum No. 27, HIPAA Compliance Policy
- Board of Regents Bylaws
- Board of Regents Policies
- Privacy, Confidentiality and Information Security Policy
- Institutional Review Board Guidelines, Retention of Research Records for Non-Exempt Research
- Information Technology Services Procedures
- UNMC Record Retention Schedule
Policy
Retention
It is the policy of the University of Nebraska Medical Center (UNMC) and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention, and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the UNMC Record Retention Schedule. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.
The retention schedule for destruction/disposal shall be suspended for records involved in any open investigation, audit, or litigation, as well as where specific contract provisions specify record retentions requirements.
Individuals who know or suspect that confidentiality has been breached by another person or persons have a responsibility to report the breach to the respective supervisor or administrator or to the Human Resources Department. Employees should not confront the individual under suspicion or initiate investigations on their own, as such actions could compromise any ensuing investigation. All individuals are to cooperate fully with those performing an investigation pursuant to this policy.
If a preservation notice is received, the record retention schedule shall be suspended until the preservation notice terminates.
Disposal/Destruction
All paper waste must be placed in a recycling container. UNMC will ensure that all confidential paper waste is secured from the time it is collected until the time it is shredded by the selected vendor.
Records scheduled for destruction/disposal should be secured against unauthorized or inappropriate access until the destruction/disposal of information is complete.
Failure to appropriately dispose of/destroy private or confidential information may result in sanctions, civil or criminal prosecution and penalties, scholastic or employment corrective action which could lead to dismissal or, as it relates to health care professionals or others outside of UNMC, suspension or revocation of all access privileges.
Definitions
Information is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media, on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and belongs to the University.
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records:
- Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, §3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
- Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution).
Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by UNMC, The Nebraska Medical Center, UMA and UDA. (NOTE: The HIPAA privacy regulation does not apply to education records covered by FERPA.)
Protected Health Information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:
- is created or received by UNMC; and
- relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
Records containing PHI, in any form, may not be deleted. PHI contained in the medical record must be accessible at all times.
Additional Information
- Contact the Information Security Office
- Procedure No. 6056, Destruction of Private and Confidential Information
- UNMC Record Retention Schedule
This page maintained by dkp.