University of Nebraska Medical Center

Contracts: Difference between revisions

Page Discussion

Contracts (view source)

Revision as of 13:41, December 5, 2013

1,008 bytes added ,  December 5, 2013
no edit summary
VisualWikitext
No edit summary
No edit summary
Line 31: Line 31:
* [http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan   
* [http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan   
* [http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan   
* [http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan   
* [http://www.hhs.gov/ocr/hipaa/privrulepd.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)]   
* [http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)]   
* [http://www.ftc.gov/privacy/glbact/ Gramm-Leach-Bliley Act] (GLBA) [12 CFR §225.28]   
* [http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA)[12 CFR §225.28]   
==Policy==                                                       
==Policy==                                                       
=== Written Agreements Required ===
=== Written Agreements Required ===
Line 61: Line 61:
<br />
<br />
<br />
<br />
The [http://sapphire.nebraska.edu/standard/Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Business Associate Addendum] describes the permitted uses of the PHI and the business associate’s responsibilities regarding it. If a business associate relationship exists with no written contract, a [http://sapphire.nebraska.edu/standard/Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Business Associate Agreement] must be signed.       
The Business Associate Addendum describes the permitted uses of the PHI and the business associate’s responsibilities regarding it. If a business associate relationship exists with no written contract, a Business Associate Agreement must be signed.       
====Use of Protected Student Financial Information (PSFI) by an Outside Entity====
====Use of Protected Student Financial Information (PSFI) by an Outside Entity====
When a person or entity outside UNMC, The Nebraska Medical Center, UDA, and UNMC-P performs a function or activity on behalf of UNMC that involves protected student financial information (PSFI), a [https://unebapps01.nebraska.edu/slugo/download.nsf/UNMCWinFile?OpenView&Start=1&Count=50&Expand=2.3 Gramm-Leach-Bliley Act] (GLBA) Addendum must be added to the contract for GLBA compliance.   
When a person or entity outside UNMC, The Nebraska Medical Center, UDA, and UNMC-P performs a function or activity on behalf of UNMC that involves protected student financial information (PSFI), a [http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA) Addendum must be added to the contract for GLBA compliance.   
<br />
<br />
<br />
<br />
The GLBA addendum describes the permitted uses of the PSFI and the service provider’s responsibilities regarding it. If a service provider relationship exists with no written contract, a GLBA agreement must be signed.  
The GLBA addendum describes the permitted uses of the PSFI and the service provider’s responsibilities regarding it. If a service provider relationship exists with no written contract, a GLBA agreement must be signed.  
====Use of UNMC Information Systems====
====Use of UNMC Information Systems====
When a person or entity outside UNMC, The Nebraska Medical Center, UDA and UNMC-P (“service provider”) requires electronic access to UNMC private network resources, and is not a business associate, the service provider shall sign a [http://sapphire.nebraska.edu/standard/Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Business Partner Agreement or Addendum].
When a person or entity outside UNMC, The Nebraska Medical Center, UDA and UNMC-P (“service provider”) requires electronic access to UNMC private network resources, and is not a business associate, the service provider shall sign a Business Partner Agreement or Addendum.
<br />
<br />
<br />
<br />
[http://sapphire.nebraska.edu/standard/html/wa08_Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Academic Affiliation Agreements]. Academic Affiliation agreements are required for all organizations accepting UNMC students and for all students who come to UNMC from other educational institutions for clinical experience. The academic affiliation template shall be used. Any modifications to the academic affiliation template must be approved by the Office of the Vice Chancellor for Academic Affairs. A fully executed original copy of the agreement is kept on file in the Office of the Vice Chancellor for Academic Affairs.
Academic Affiliation agreements are required for all organizations accepting UNMC students and for all students who come to UNMC from other educational institutions for clinical experience. The academic affiliation template shall be used. Any modifications to the academic affiliation template must be approved by the Office of the Vice Chancellor for Academic Affairs. A fully executed original copy of the agreement is kept on file in the Office of the Vice Chancellor for Academic Affairs.
== Definitions ==
== Definitions ==
'''Business Associate''' is defined as a person or entity outside UNMC, The Nebraska Medical Center, University Dental Associates (UDA), and UNMC Physicians (UNMC-P) (the affiliated covered entity) that performs a function or activity on behalf of UNMC that involves the use or disclosure of protected health information (PHI). Health care providers providing treatment are exempt from the business associate requirements.
'''Business Associate''' is defined as a person or entity outside UNMC, The Nebraska Medical Center, University Dental Associates (UDA), and UNMC Physicians (UNMC-P) (the affiliated covered entity) that performs a function or activity on behalf of UNMC that involves the use or disclosure of protected health information (PHI). Health care providers providing treatment are exempt from the business associate requirements.
Line 85: Line 85:
'''Protected Student Financial Information (PSFI)''' is information that UNMC has obtained from a student in the process of offering a financial product or service, or such information provided to UNMC by another financial institution.  Offering a financial product or service includes offering student loans to students, receiving tax information from a student’s parent when offering a financial aid package and other financial services.  Examples of student financial information include addresses, phone numbers, bank and credit account numbers, income and credit histories, and social security numbers in both paper and electronic format.
'''Protected Student Financial Information (PSFI)''' is information that UNMC has obtained from a student in the process of offering a financial product or service, or such information provided to UNMC by another financial institution.  Offering a financial product or service includes offering student loans to students, receiving tax information from a student’s parent when offering a financial aid package and other financial services.  Examples of student financial information include addresses, phone numbers, bank and credit account numbers, income and credit histories, and social security numbers in both paper and electronic format.
==Additional Information==
==Additional Information==
*For additional information, please contact the [mailto:swrobel@unmc.edu Compliance Officer] or the [mailto:kswartsl@unmc.edu Director, Business Services], or see [[Business Associate Agreements and Addendums Procedures]].
*For additional information, please contact the [mailto:swrobel@unmc.edu Compliance Officer] or the [mailto:kswartsl@unmc.edu Director, Business Services]
*[http://wiki.unmc.edu/images/f/f4/ContractSignature.pdf Contract Signature Authority Table]<br />
*See [[Business Associate Agreements and Addendums Procedures]].
*[http://webmedia.unmc.edu/policy/8009IndepContTempl.doc Independent Contractor Agreement Template]*[http://sapphire.nebraska.edu/standard/Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Business Partner Agreement or Addendum]  
*[http://www.nebraska.edu/board/bylaws2006.pdf Section 6.4 of the Bylaws of the Board of Regents] (BOR) of the University of Nebraska Board of Regents Policy on Administrative Approval of University Contracts ([http://www.nebraska.edu/docs/board/RegentPolicies.pdf RP – 6.3.1]) 
*[http://sapphire.nebraska.edu/standard/Business_forms.asp?Campus=UNMC&Want=Forms&Heading=HIPAA Business Associate Agreements and Addendums]
*University of Nebraska [http://www.nebraska.edu/docs/president/13%20Delegation%20to%20Approve%20Academic-Admin%20Personnel%20Actions.pdf Executive Memorandum 13], Delegation of Administrative Authority to Approve Academic-Administrative Personnel Actions 
*[http://www.nebraska.edu/docs/president/14%20Authority%20to%20Approve%20Contracts.pdf University of Nebraska Executive Memorandum 14], Delegation of Administrative Authority to Approve Certain Types of University Contracts, and Requirements for Submittal and Execution of Contracts Requiring Approval by the Board of Regents 
*[http://www.nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Executive Memorandum No. 26], Information Security Plan 
*[http://www.nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf University of Nebraska Executive Memorandum No. 27], HIPAA Compliance Plan 
*[http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)] 
*[http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA) 12 CFR §225.28] 
*[http://wiki.unmc.edu/images/f/f4/ContractSignature.pdf Contract Signature Authority Table]
*[http://www.irs.ustreas.gov/pub/irs-pdf/p1779.pdf IRS Publications 1779] and [http://www.irs.gov/pub/irs-pdf/p15a.pdf 15-A].
*[http://webmedia.unmc.edu/policy/8009IndepContTempl.doc Independent Contractor Agreement Template]
*UNMC Sapphire for Business Partner and Business Associate Agreements and Addendums


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].
Retrieved from "https://wiki.unmc.edu/index.php/Special:MobileDiff/4505"