Facility Security: Difference between revisions

m
no edit summary
No edit summary
mNo edit summary
Line 25: Line 25:
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
<br /><br />
<br /><br />
POLICY NO: '''6067'''<br />
Policy No.: '''6067'''<br />
EFFECTIVE DATE: 03/17/03<br />
Effective Date: '''03/17/03'''<br />
 
Revised Date: ''' '''<br />
Reviewed Date:''' '''<br /><br />
<big>'''Facility Security Policy'''</big>
<big>'''Facility Security Policy'''</big>
   
   
NOTE: These guidelines are provided to assist UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Those departments and clinics which fall under the jurisdiction of  The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.<br />  
NOTE: These guidelines are provided to assist UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Those departments and clinics which fall under the jurisdiction of  The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.<br />  


=== Basis for Policy ===
==Basis for Policy ==
<br />
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.
 
== Policy ==
It is the policy of the University of Nebraska Medical Center (UNMC) to comply with authoritative guidelines, to ensure a safe and secure workplace for faculty, students, staff, patients and visitors, and to protect the University. Further, it is the policy of UNMC to protect confidentiality and privacy through appropriate use of information gathered in the course of employment or other affiliation with UNMC or entrusted to UNMC for academic, research, patient care, or administrative purposes.<br />
 
=== Policy ===
<br />
 
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.  
All exterior doors to buildings and interior doors to clinics and offices housing protected health information (PHI) or confidential proprietary information will be locked after normal business hours, including weekends and holidays.  


Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.  
Exterior and interior doors are secured by means of mechanical and/or electronic locking mechanisms.  
===Department Personnel Responsibilities===
*Knowing who should legitimately be in their work area
*Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:   
:*Contact Campus Security, Ext. 9-5111 for occurrences on main campus
:*Contact 911 for occurrences off main campus 
*Securing offices and other areas containing PHI or confidential proprietary information when not in use
===Securing Campus Buildings After Normal Business Hours===
*Campus buildings which include, but are not limited to, Clarkson Tower, University Tower, Durham Outpatient Center, University Medical Associates, and UNMC Recycling Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access. A Facility Plan (under construction) has been developed for the University of Nebraska Medical (UNMC) campus to safeguard the premises and buildings (exterior and interior) from unauthorized physical access, tampering, or theft.
*Campus Security will control facility access, including locking, unlocking, and restricting access during designated hours
*Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours to assure buildings and departments remain secure
*Campus Security will check any individual found in a secured area after hours to assure they are authorized
===After Hours Access to Campus Buildings/Departments===
*Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures
*If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, [[Secure Area Card Access Control]]
===Securing Clinics and Health Care Centers Located Off Main Campus===
*Managers of locations off the main campus are responsible for:     
:*Evaluating and performing a risk assessment for their Clinic/Healthcare Center
:*Working with Facilities Management and Campus Security to develop appropriate polices and procedures for securing their work areas     
:*Training and instructing staff members on how to properly secure patient related information
:*Securing buildings after hours
:*Securing Department Areas During Cleaning
::* Department management in conjunction with Environmental Services (EVS) management is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
::*It is department management responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours
::*If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk
==Definitions ==
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed. <br/>
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, Privacy, Confidentiality and Information Security. <br/>
'''Protected Health Information (PHI)''' is individually identifiable health information.  Health information means any information, whether oral or recorded in any medium, that:
*is created or received by UNMC; and
*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record. <br/>
'''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.
==Additional Information==
*Contact [http://info.unmc.edu/safety/campus-security/ UNMC Campus Security]or [mailto:gsvanda@unmc.edu Gary Svanda], Director, Campus Security
*Contact the [mailto:photoid@unmc.edu Photo ID Office] or [mailto:steven.williamson@unmc.edu Steven Williamson], Manager, Identification and Access Control
*[http://info.unmc.edu/safety/id-badge/ Photo ID Website]
*UNMC Policy No. 6008, [[Identification Card]]
*UNMC Policy No. 6009, [[Secure Area Card Access]]


'''Department Personnel Responsibilities'''
This page maintained by [mailto:dpanowic@unmc.edu dkp].
   
* Knowing who should legitimately be in their work area
*    Observing and reporting immediately any suspicious activities and/or individuals acting in a suspicious manner:   
# Contact Campus Security, Ext. 9-5111 for occurrences on main campus
#        Contact 911 for occurrences off main campus 
* Securing offices and other areas containing PHI or confidential proprietary information when not in use<br />
 
'''Securing Campus Buildings After Normal Business Hours'''
   
* Campus buildings which include, but are not limited to, Clarkson Tower, University Tower, Durham Outpatient Center, University Medical Associates, and UNMC Recycling Center which house confidential information are protected by a variety of physical security measures to prevent unauthorized individuals from gaining access. A Facility Plan (under construction) has been developed for the University of Nebraska Medical (UNMC) campus to safeguard the premises and buildings (exterior and interior) from unauthorized physical access, tampering, or theft.
*    Campus Security will control facility access, including locking, unlocking, and restricting access during designated hours
*    Campus Security will conduct routine patrols of all buildings (both interior and exterior) after normal business hours to assure buildings and departments remain secure
*    Campus Security will check any individual found in a secured area after hours to assure they are authorized<br />
 
'''After Hours Access to Campus Buildings/Departments'''
   
* Workforce authorized to access specific buildings and/or departments within a building may have a key issued to them in accordance with Key Control Procedures
*    If card access is available to a building or department, workforce authorized access to the building/department may be granted access via card access in accordance with UNMC Policy No. 6009, Secure Area Card Access Control Policy and Secure Card Access Control Procedures<br />
 
'''Securing Clinics and Health Care Centers Located Off Main Campus'''
   
:Managers of locations off the main campus are responsible for:     
# Evaluating and performing a risk assessment for their Clinic/Healthcare Center
#        Working with Facilities Management and Campus Security to develop appropriate polices and procedures for securing their work areas     
# Training and instructing staff members on how to properly secure patient related information
#        Securing buildings after hours<br />
 
Securing Department Areas During Cleaning
   
* Department management in conjunction with Environmental Services (EVS) management is responsible for performing a risk assessment of the physical security of the area when cleaning of the area takes place
*    It is department management responsibility to know the cleaning schedule and to inform EVS of any changes which might impact the physical security of the area during the cleaning hours
*    If after normal business hours, EVS will ensure that the main door to the area remains locked where possible. If it is not possible to lock off the area, EVS and department management will evaluate options to mitigate the risk<br />
 
=== Definitions ===
<br />
 
'''Privacy''' is defined as the right of individuals to keep information about themselves from being disclosed.
 
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records as defined in UNMC Policy No. 6045, Privacy, Confidentiality and Information Security.
 
'''Protected Health Information (PHI)''' is individually identifiable health information.  Health information means any information, whether oral or recorded in any medium, that:
   
* is created or received by UNMC; and
*    relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.<br />
 
Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.
 
Workforce refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.
 
For more information on facility security, contact Gary Svanda, Campus Security.
 
Key Control Procedures / Secure Card Access Control Procedures
 
This is a new UNMC Policy.<br />
 
This page updated on Friday, March 03, 2006, by dkp.  Reviewed with minor changes on February 17, 2006.