Third Party Registry: Difference between revisions

From University of Nebraska Medical Center
Jump to navigation Jump to search
(Created page with "<table style="background:#F8FCFF; text-align:center" width="100%" cellspacing="0" cellpadding="0" border="0"> <tr> <td style="padding:0.5em; background-color:#e5e5e5; font-siz...")
 
mNo edit summary
Line 32: Line 32:
<br />
<br />
<big>'''Third Party Registry Selection Policy'''</big><br /><br />
<big>'''Third Party Registry Selection Policy'''</big><br /><br />
==Basis for Policy==
UNMC has a responsibility to protect the identity of its faculty, staff and students, as well as all individuals with whom it has an association including alumni, donors, research subjects, potential students, and affiliates. Since an individual's Social Security Number (SSN) is one of the most critical data items used to establish an identity, UNMC needs to take extra precautions to safeguard SSNs from unauthorized use.
==Purpose of Policy==
==Purpose of Policy==
The purpose of this policy is to describe the organization’s requirements for selecting a third party registry to securely and efficiently submit data to in order to achieve organizational goals.   
The purpose of this policy is to describe the organization’s requirements for selecting a third party registry to securely and efficiently submit data to in order to achieve organizational goals.   
Line 56: Line 54:
===Data Policy Committee===
===Data Policy Committee===
The Data Policy Committee will review requests and determines if the benefits of participating within the submission outweighs the risk.
The Data Policy Committee will review requests and determines if the benefits of participating within the submission outweighs the risk.
==Definitions===
==Definitions==
'''Affiliated Covered Entity (ACE)''' means legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance.  Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
'''Affiliated Covered Entity (ACE)''' - legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance.  Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.


'''Data Elements''' – the items collected by a third party registry.
'''Data Elements''' – the items collected by a third party registry.
Line 70: Line 68:


==Additional Information==
==Additional Information==
*Contact [mailto:swelna@unmc.edu Associate Director, Compliance, Information Technology Services] or 402.559.2545.
*Contact [mailto:swelna@unmc.edu Information Security Officer] or 402.559.2545.
*UNMC Policy No. 6045, [http://wiki.unmc.edu/index.php?title=Privacy/Confidentiality Privacy, Confidentiality and Information Security]
*UNMC Policy No. 6045, [http://wiki.unmc.edu/index.php?title=Privacy/Confidentiality Privacy, Confidentiality and Information Security]
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
Line 76: Line 74:
*[http://www.unmc.edu/its/security/procedures/thirdparty.html Third Party Registry Procedure]
*[http://www.unmc.edu/its/security/procedures/thirdparty.html Third Party Registry Procedure]
*[http://www.unmc.edu/its/security/forms.html Third Party Registry Form]
*[http://www.unmc.edu/its/security/forms.html Third Party Registry Form]


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].

Revision as of 09:52, April 13, 2016

Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property


Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Confidential Information | Protected Health Information (PHI) | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry



Policy No.: 6300
Effective Date: Draft
Revised Date:
Revised Date:

Third Party Registry Selection Policy

Purpose of Policy

The purpose of this policy is to describe the organization’s requirements for selecting a third party registry to securely and efficiently submit data to in order to achieve organizational goals.

Policy

The following serve as the guiding principles to follow when selecting a vendor:

Organizational Goals

The envisioned goals of the submission should be clearly documented and communicated to assess the benefits versus risks to form a recommendation on why the submission should proceed.

Incentive Bonus

The amount the payer will increase payment if organization participates in the registry and the date required to submit to achieve incentive bonus.

Penalty Avoidance

The amount payer will decrease payment if organization does not participate in the registry and date required to submit to avoid penalty.

Accreditation

Criteria required to obtain/retain accreditation.

Quality Objective

Quantifiable benefits due to specified quality goals is the quality objective.

Research Objective

Quantifiable benefits due to specified research goals is the research objective.

Data Collection

Data is efficiently collected.

Secure Storage

All vendors and sub-contractors that transfer or store PHI need to be covered under a business associate agreement (BAA).

Data Policy Committee

The Data Policy Committee will review requests and determines if the benefits of participating within the submission outweighs the risk.

Definitions

Affiliated Covered Entity (ACE) - legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.

Data Elements – the items collected by a third party registry.

Protected Health Information (PHI) is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that:

  • is created or received by ACE; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.

Registry - an organized system that uses observational study methods to collect uniform data (clinical and other) to evaluate specified outcomes for a population defined by a particular disease, condition, or exposure, and that serves a predetermined scientific, clinical, or policy purpose(s) - Workman, T. (n.d.). Retrieved November 10, 2015, from http://www.ncbi.nlm.nih.gov/books/NBK164514/.

Third Party Registry – an external entity that collects data for quality or research objectives.

Additional Information

This page maintained by dkp.