Honest Broker: Difference between revisions

← Older edit

Honest Broker (view source)

Revision as of 09:22, August 16, 2023

1,256 bytes added , August 16, 2023

m

263

edits

@@ Line 7: / Line 7: @@
 <td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Research Compliance]] </td>
 <td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
-<td style="padding:0.5em; background-color:white; line-height:0.95em; border:solid 2px #A3B1BF; border-bottom:0; font-weight:bold;" width="20">[[Compliance]]</td>
+<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Compliance]]</td>
 <td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
-<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Privacy/Information Security]]</td>
+<td style="padding:0.5em; background-color:white; line-height:0.95em; border:solid 2px #A3B1BF; border-bottom:0; font-weight:bold;" width="20">[[Privacy/Information Security]]</td>
 <td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
 <td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Business Operations]]</td>
 <td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
 <td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Intellectual Property]]</td>
+<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
+<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
+width="20">[[Faculty]]</td>
 </tr>
 </table>
 <br />
-[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]]
+[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
 <br/><br/>
 Policy No.: '''6074'''<br />
@@ Line 35: / Line 38: @@
 Legally separate covered entities have designated themselves as a single covered entity for the purpose of HIPAA Compliance. Current UNMC ACE members are: UNMC, Nebraska Medicine, UNMC Physicians, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The [http://www.unmc.edu/hipaa/about/notice-privacy-practices.html Notice of Privacy Practices] lists current ACE members.
 ===Business Associate===
-A person or entity, other than a member of the workforce of a covered entity, who performs functions on behalf of a covered entity per 45 CFR 160 is a business associate.
+A third party who performs services on behalf of Nebraska Medicine/UNMC that involve the creation, receipt, maintenance or transmission of PHI in any form, even if PHI is not accessed. Some examples of such services include storage, including cloud storage, claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing.
 ===De-identification===
 De-identification refers to removal of all eighteen (18) of the HIPAA identifiers or any other identifiers which would allow the reasonable possibility for investigators or others to identify patients directly or indirectly to prevent re-identification of patients.
@@ Line 48: / Line 51: @@
 A Limited Data Set means a set of identifiable patient information, as defined by HIPAA, which has limited identifiable information which may be used solely for the purpose of research, public health, or health care operations. A Limited Data Set should be shared only upon execution of a Data Use Agreement, which is an agreement which addresses HIPAA-mandated conditions related to subsequent uses and disclosures of Limited Data Sets.
 ===Protected Health Information (PHI)===
-Protected Health Information means any information whether oral or recorded in any medium created or received by a health care provider, health plan, employer or health care clearinghouse which relates to past, present or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of health care to an individual for which there is a reasonable basis to believe the information may be used to identify an individual.
+Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:
+* is created or received by UNMC/ACE; and
+* relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
+PHI includes genetic information, which includes information about:
+* an Individual’s genetic tests;
+* the genetic tests of an Individual’s family members; or
+* the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
+PHI excludes:
+* individually identifiable health information of a person who has been deceased for more than fifty (50) years.
+* education records covered by the Family Educational Rights and Privacy Act (FERPA); and
+* employment records held by UNMC in its role as employer.
 ===IRB Requirements===
 Use of human biological, samples, specimens and data or the like shall be consistent with the requirements, regulations, laws for use of such information and materials.
 ===Workforce Member===
-Workforce member refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct in the performance of work the ACE entities, or are under the direct control of an ACE entity.
+Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for Nebraska Medicine/UNMC, is under the direct control of Nebraska Medicine/UNMC, whether or not they are paid by Nebraska Medicine/UNMC.
 ==Procedures==
 ===Honest Broker Requirements===
@@ Line 65: / Line 85: @@
 :*Ascertain their interest in study participation; and
 :*Obtain written authorization to share their interest in study participation with the investigators and allow patients to be contacted by researcher. The honest broker would not directly contact the patient.
-:*After secondary review by the Associate Vice Chancellor for Clinical Research, an honest broker may provide the research investigator with a list of potentially eligible patients who have agreed to be contacted for research studies they are eligible for based on their election on the Conditions of Treatment form or consistent with the Human Research Protection Program Policy #3.4 “Use of Protected Health Information in Research and Registries” for further information.
+:*After secondary review by the Associate Vice Chancellor for Clinical Research, an honest broker may provide the research investigator with a list of potentially eligible patients who have agreed to be contacted for research studies they are eligible for based on their election on the Conditions of Treatment form or consistent with the Human Research Protection Program Policy #3.4 “Use of Protected Health Information in Research” for further information.
 *Honest broker Data Requests: Individuals requesting PHI or de-identified data shall complete:
-:*the [https://unmcredcap.unmc.edu/redcap/surveys/?s=9TsTE2UGsM UNMC/Nebraska Medicine Request for Electronic Health Data Form] (research),
+:*the [https://unmcredcap.unmc.edu/redcap/surveys/?s=94TLJCCAAT UNMC/Nebraska Medicine Request for Electronic Health Data Form] (research),
 :*the Nebraska Medicine [http://newintranet.nebraskamed.com/AnalyticsRequest/Login.aspx?ReturnUrl=%2fanalyticsrequest%2f Analytics Request Form] (performance improvement) or
 :*another similar form.
@@ Line 73: / Line 93: @@
 *Appointment: honest brokers shall not be a part of the research team for which they are performing honest broker services, unless approved by the ACE Privacy Officer, the Associate Vice Chancellor for Clinical Research and the Chief, Quality/Outcomes Officer.
 *Education and Training: The proposed honest brokers responsible for a research data source must complete education and training, currently mandated by the IRB for all research investigators, prior to submitting an application.
-*The individual or the organization or team must submit an [http://www.unmc.edu/hipaa/_documents/application-for-honest-broker-certification.pdf Application for Honest Broker Certification Form] to become part of the UNMC Honest Broker System.
+*The individual or the organization or team must submit an [https://www.unmc.edu/hipaa/forms/docs/Honest-Broker-Application.pdf Application for Honest Broker Certification Form] to become part of the UNMC Honest Broker System.
 :*Applications should be submitted to the Privacy Officer for the ACE.
 *Attestation of Agreement: All honest brokers must sign a written agreement that they will abide by all relevant ACE policies including continuing adherence to the ACE honest broker certification criteria section of this policy.
@@ Line 91: / Line 111: @@
 ::*New brokers must first complete the education/certification modules as noted in the honest broker certification section above.
 ::*In accordance with UNMC/Nebraska Medicine policy, applicants who are not UNMC/Nebraska Medicine employees must complete and sign a business associate agreement (BAA).
-::*A complete revision of the each unit’s application must be submitted to the Privacy Office with any brokers to be added reflected in the revision. A copy of any relevant BAAs must accompany the revision documents.
+::*A complete revision of each unit’s application must be submitted to the Privacy Office with any brokers to be added reflected in the revision. A copy of any relevant BAAs must accompany the revision documents.
 :*Removing Brokers:  A complete revision of the application must be submitted to the Privacy Office with any brokers to be removed and the reason for the removal reflected in the revision.
 *Duties and Other Requirements of the Honest Broker: In order for a certified honest broker to work on behalf of investigators to de-identify PHI that is owned/held by UNMC, the honest broker must perform the following UNMC/Nebraska Medicine-defined duties and adhere to the following -defined requirements:
@@ Line 102: / Line 122: @@
 ::*An individual honest broker for the investigator must obtain (and retain) evidence of an appropriately executed Data Use Agreement in order to be granted access to the UNMC/Nebraska Medicine-held PHI.
 ==Additional Information==
-*Contact the [mailto:debrbishop@nebraskamed.com Privacy Officer]
+*Contact the [mailto:debrbishop@nebraskamed.edu Privacy Officer]
 *[http://www.unmc.edu/hipaa/about/notice-privacy-practices.html Notice of Privacy Practices]
-*[http://www.unmc.edu/hipaa/_documents/application-for-honest-broker-certification.pdf Application for Honest Broker Certification Form]
+*[https://www.unmc.edu/hipaa/forms/docs/Honest-Broker-Application.pdf Application for Honest Broker Certification Form]
 *[http://www.unmc.edu/hipaa/_documents/attestation-of-honest-brokers-responsibilites.pdf Attestation of Honest Brokers Responsibilities Form]
-*[https://unmcredcap.unmc.edu/redcap/surveys/?s=9TsTE2UGsM UNMC/Nebraska Medicine Request for Electronic Health Data Form]
+*[https://unmcredcap.unmc.edu/redcap/surveys/?s=94TLJCCAAT UNMC/Nebraska Medicine Request for Electronic Health Data Form]
 *Nebraska Medicine [http://newintranet.nebraskamed.com/AnalyticsRequest/Login.aspx?ReturnUrl=%2fanalyticsrequest%2f Analytics Request Form]
-*[http://www.unmc.edu/its/security/procedures/access-control.html Access Control to Information Technology Resources]
+*[https://info.unmc.edu/its-security/policies/procedures/access-control.html Access Control to Information Technology Resources]
 This page maintained by [mailto:dpanowic@unmc.ed dkp]