Third Party Registry: Difference between revisions
No edit summary |
|||
Line 74: | Line 74: | ||
==Additional Information== | ==Additional Information== | ||
*Contact [ | *Contact [https://support.security.unmc.edu Office of Information Security] or 402.559.2545. | ||
*UNMC Policy No. 6045, [ | *UNMC Policy No. 6045, [https://wiki.unmc.edu/index.php/Privacy/Confidentiality] | ||
*UNMC Policy No. 6051, [ | *UNMC Policy No. 6051, [https://wiki.unmc.edu/index.php/Computer_Use/Electronic_Information] | ||
*[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Procedure] | *[https://info.unmc.edu/its-security/policies/procedures/thirdparty.html Third Party Registry Procedure] | ||
*[ | *[https://app1.unmc.edu/forms/its/third_party_registry.cfm Third Party Registry Form] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |
Revision as of 09:32, December 12, 2018
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training
Policy No.: 6300
Effective Date: 06/27/16
Revised Date:
Revised Date:
Third Party Registry Selection Policy
Purpose of Policy
A third party registry is an external entity that collects electronic medical record (EMR) data for quality or research objectives. The purpose of this policy is to describe the requirements for selecting a third party registry to securely and efficiently submit data while achieving organizational goals.
Basis for Policy
In order to ensure that the benefits of participating with submitting data to a third party registry outweigh the risks.
Policy
The following serve as the guiding principles to follow when selecting a vendor:
Organizational Goals
The envisioned goals of the submission should be clearly documented and communicated to assess the benefits versus risks to form a recommendation on why the submission should proceed.
Incentive Bonus
The amount the payer will increase payment if organization participates in the registry and the date required to submit to achieve incentive bonus.
Penalty Avoidance
The amount payer will decrease payment if organization does not participate in the registry and date required to submit to avoid penalty.
Accreditation
Criteria required to obtain/retain accreditation.
Quality Objective
Quantifiable benefits due to specified quality goals is the quality objective.
Research Objective
Quantifiable benefits due to specified research goals is the research objective.
Data Collection
Data Quality
- The third party vendor will provide a quality assurance process to ensure that the collected data is accurate prior to submission.
- The third party vendor will provide a data dictionary that clearly documents that data elements collected and how they will use those data elements
Workflow
- The data elements documented within the data dictionary will need to be collected as part of a clinical workflow within OneChart
Data Security
- All vendors and sub-contractors that transfer or store PHI need to be covered under a business associate agreement (BAA)
Data Policy Committee
The Data Policy and Governance Committee (Subcommittee of IM Governance Cabinet Research Committee) will review requests and determine if the benefits of participating within the submission outweighs the risk
Definitions
Affiliated Covered Entity (ACE) - legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
Data Elements – the items collected by a third party registry.
Protected Health Information (PHI) is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that:
- is created or received by ACE and
- relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
Registry - an organized system that uses observational study methods to collect uniform data (clinical and other) to evaluate specified outcomes for a population defined by a particular disease, condition, or exposure, and that serves a predetermined scientific, clinical, or policy purpose(s) - Workman, T. (n.d.). Retrieved November 10, 2015, from http://www.ncbi.nlm.nih.gov/books/NBK164514/.
Third Party Registry – an external entity that collects data for quality or research objectives.
Additional Information
- Contact Office of Information Security or 402.559.2545.
- UNMC Policy No. 6045, [1]
- UNMC Policy No. 6051, [2]
- Third Party Registry Procedure
- Third Party Registry Form
This page maintained by dkp.