Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions
No edit summary |
m (Dpanowic moved page Confidential Information to Retention and Destruction/Disposal of Private and Confidential Information: Request of Policy Owner) |
(No difference)
|
Revision as of 12:19, August 22, 2014
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Confidential Information | Protected Health Information (PHI) | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information
POLICY NO: 6056
EFFECTIVE DATE: 03/17/03
Retention and Destruction/Disposal of Private and Confidential Information Policy
NOTE: These guidelines are provided to assist UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Those departments and clinics which fall under the jurisdiction of The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.
Basis for Policy
Retention and subsequent destruction/disposal of proprietary and protected health information are governed by federal and state regulations and University policies and procedures. These regulations and guidelines include, but may not be limited to:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Executive Memorandum No. 27, HIPAA Compliance Policy
- Board of Regents Bylaws
- Board of Regents Policies
- Privacy, Confidentiality and Information Security Policy
- Institutional Review Board Guidelines, Retention of Research Records for Non-Exempt Research
- Information Technology Services Procedures
- UNMC Record Retention Schedule
Policy
Retention
It is the policy of the University of Nebraska Medical Center (UNMC) and its affiliated entities to ensure the privacy and security of proprietary and protected health information in the maintenance, retention, and eventual destruction/disposal of such media. All destruction/disposal of patient health information media will be done in accordance with federal and state law and pursuant to the UNMC Record Retention Schedule. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.
The retention schedule for destruction/disposal shall be suspended for records involved in any open investigation, audit, or litigation. Individuals who know or suspect that confidentiality has been breached by another person or persons have a responsibility to report the breach to the respective supervisor or administrator or to the Human Resources Department. Employees should not confront the individual under suspicion or initiate investigations on their own, as such actions could compromise any ensuing investigation. All individuals are to cooperate fully with those performing an investigation pursuant to this policy.
Disposal/Destruction
Department administration shall determine what information entrusted to their department is private and/or confidential and shall communicate methods of protecting that information through the destruction/disposal process to appropriate persons associated with their department.
All paper waste must be placed in a recycling container. Environmental Services (EVS)is responsible for the security, transport and storage of confidential paper waste from internal customer locations. EVS will secure the confidential waste in locked containers provided by the UNMC Recycling Center. All confidential waste containers will be secured on the dock areas or at the collection points designated by department policy. As recycling containers are transported on the trucks to the Recycling Center, they will be the responsibility of the UNMC Recycling Center staff. The UNMC Recycling Center will be responsible for disposing of the recycled material in a secure manner and ensuring that all documentation necessary for demonstrating compliance with regulations is maintained. Failure to appropriately dispose of/destroy private or confidential information may result in sanctions, civil or criminal prosecution and penalties, scholastic or employment corrective action which could lead to dismissal or, as it relates to health care professionals or others outside of UNMC, suspension or revocation of all access privileges.
Definitions
Information is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media, on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and belongs to the University.
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records:
- Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
- Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by UNMC, The Nebraska Medical Center, UMA and UDA. (NOTE: The HIPAA privacy regulation does not apply to education records covered by FERPA.)
Protected Health Information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:
- is created or received by UNMC; and
- relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.
For additional information, contact Sheila Wrobel, Privacy Officer, or see Privacy, Confidentiality and Information Security Procedures contained in the following resources:
- UNMC Privacy, Confidentiality and Information Security Procedures
- UNMC Destruction of Private and Confidential Information Procedures
- Laboratory Notebook Maintenance Procedures
This policy contains minor revisions to UNMC Policy #6056, issued on 03/17/03.
This page updated on Monday, February 16, 2004, by dkp.