University of Nebraska Medical Center

Honest Broker: Difference between revisions

Page Discussion

Honest Broker (view source)

Revision as of 08:22, August 16, 2023

951 bytes added ,  August 16, 2023
m
→‎Business Associate
VisualWikitext
 
Line 38: Line 38:
Legally separate covered entities have designated themselves as a single covered entity for the purpose of HIPAA Compliance. Current UNMC ACE members are: UNMC, Nebraska Medicine, UNMC Physicians, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The [http://www.unmc.edu/hipaa/about/notice-privacy-practices.html Notice of Privacy Practices] lists current ACE members.
Legally separate covered entities have designated themselves as a single covered entity for the purpose of HIPAA Compliance. Current UNMC ACE members are: UNMC, Nebraska Medicine, UNMC Physicians, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The [http://www.unmc.edu/hipaa/about/notice-privacy-practices.html Notice of Privacy Practices] lists current ACE members.
===Business Associate===
===Business Associate===
A person or entity, other than a member of the workforce of a covered entity, who performs functions on behalf of a covered entity per 45 CFR 160 is a business associate.
A third party who performs services on behalf of Nebraska Medicine/UNMC that involve the creation, receipt, maintenance or transmission of PHI in any form, even if PHI is not accessed. Some examples of such services include storage, including cloud storage, claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing.
===De-identification===
===De-identification===
De-identification refers to removal of all eighteen (18) of the HIPAA identifiers or any other identifiers which would allow the reasonable possibility for investigators or others to identify patients directly or indirectly to prevent re-identification of patients.
De-identification refers to removal of all eighteen (18) of the HIPAA identifiers or any other identifiers which would allow the reasonable possibility for investigators or others to identify patients directly or indirectly to prevent re-identification of patients.
Line 51: Line 51:
A Limited Data Set means a set of identifiable patient information, as defined by HIPAA, which has limited identifiable information which may be used solely for the purpose of research, public health, or health care operations. A Limited Data Set should be shared only upon execution of a Data Use Agreement, which is an agreement which addresses HIPAA-mandated conditions related to subsequent uses and disclosures of Limited Data Sets.   
A Limited Data Set means a set of identifiable patient information, as defined by HIPAA, which has limited identifiable information which may be used solely for the purpose of research, public health, or health care operations. A Limited Data Set should be shared only upon execution of a Data Use Agreement, which is an agreement which addresses HIPAA-mandated conditions related to subsequent uses and disclosures of Limited Data Sets.   
===Protected Health Information (PHI)===
===Protected Health Information (PHI)===
Protected Health Information means any information whether oral or recorded in any medium created or received by a health care provider, health plan, employer or health care clearinghouse which relates to past, present or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of health care to an individual for which there is a reasonable basis to believe the information may be used to identify an individual.
Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:
 
* is created or received by UNMC/ACE; and
* relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
 
PHI includes genetic information, which includes information about:
 
* an Individual’s genetic tests;
* the genetic tests of an Individual’s family members; or
* the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
 
 
PHI excludes:
 
* individually identifiable health information of a person who has been deceased for more than fifty (50) years.
* education records covered by the Family Educational Rights and Privacy Act (FERPA); and
* employment records held by UNMC in its role as employer.
 
===IRB Requirements===
===IRB Requirements===
Use of human biological, samples, specimens and data or the like shall be consistent with the requirements, regulations, laws for use of such information and materials.  
Use of human biological, samples, specimens and data or the like shall be consistent with the requirements, regulations, laws for use of such information and materials.  
===Workforce Member===
===Workforce Member===
Workforce member refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct in the performance of work the ACE entities, or are under the direct control of an ACE entity.
Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for Nebraska Medicine/UNMC, is under the direct control of Nebraska Medicine/UNMC, whether or not they are paid by Nebraska Medicine/UNMC.
==Procedures==
==Procedures==
===Honest Broker Requirements===
===Honest Broker Requirements===
Retrieved from "https://wiki.unmc.edu/index.php/Special:MobileDiff/14230"