2,654
edits
Privacy/Confidentiality: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 30: | Line 30: | ||
Policy No.: '''6045'''<br /> | Policy No.: '''6045'''<br /> | ||
Effective Date: '''11/21/03'''<br /> | Effective Date: '''11/21/03'''<br /> | ||
Revised Date: ''' | Revised Date: '''09/09/22 draft'''<br /> | ||
Reviewed Date: ''' '''<br /> | Reviewed Date: ''' '''<br /> | ||
<br /> | <br /> | ||
| Line 45: | Line 45: | ||
##Right to request an accounting of disclosures (see UNMC Policy No. 6061, [https://wiki.unmc.edu/index.php/Accounting_of_PHI_Disclosures Accounting of Protected Health Information Disclosures]); | ##Right to request an accounting of disclosures (see UNMC Policy No. 6061, [https://wiki.unmc.edu/index.php/Accounting_of_PHI_Disclosures Accounting of Protected Health Information Disclosures]); | ||
##Right to receive a Notice of Privacy Practices (see UNMC Policy No. 6058, [https://wiki.unmc.edu/index.php/Notice_of_Privacy_Practices Notice of Privacy Practices]); and | ##Right to receive a Notice of Privacy Practices (see UNMC Policy No. 6058, [https://wiki.unmc.edu/index.php/Notice_of_Privacy_Practices Notice of Privacy Practices]); and | ||
##Right to file a complaint internally with the Patient Relations Department or with the U.S. Department of Health and Human Services Office for Civil Rights (see UNMC Policy No. 6058, [https://wiki.unmc.edu/index.php/Notice_of_Privacy_Practices Notice of Privacy Practices], | ##Right to file a complaint internally with the Patient Relations Department or with the U.S. Department of Health and Human Services Office for Civil Rights (see UNMC Policy No. 6058, [https://wiki.unmc.edu/index.php/Notice_of_Privacy_Practices Notice of Privacy Practices], UNMC Policy No. 6062, [[Patient/Consumer Complaints]] and '''Nebraska Medicine Patient Complaint and Grievance Management policy''' ''''' needpolicy #'''''<br /> '''Individuals shall not be asked to waive these rights as a condition of receiving treatment.''' | ||
#Nebraska Medicine/UNMC is responsible for safeguarding and protecting confidential information against loss, tampering and use by or disclosure to unauthorized individuals. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]). | #Nebraska Medicine/UNMC is responsible for safeguarding and protecting confidential information against loss, tampering and use by or disclosure to unauthorized individuals. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]). | ||
#Nebraska Medicine/UNMC workforce has a duty to protect confidential information. Breach of this duty includes but is not limited to the following: | #Nebraska Medicine/UNMC workforce has a duty to protect confidential information. Breach of this duty includes but is not limited to the following: | ||
| Line 76: | Line 76: | ||
== Definitions == | == Definitions == | ||
===Affiliated Covered Entity (ACE)=== | ===Affiliated Covered Entity (ACE)=== | ||
Legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE. | Legally separate covered entities that are affiliated and designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE. | ||
===Business Associate=== | ===Business Associate=== | ||
A third party that performs services on behalf of Nebraska Medicine/UNMC (that involve the creation, receipt, maintenance or transmission of protected health information). Some examples of such services include claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing. | A third party that performs services on behalf of Nebraska Medicine/UNMC (that involve the creation, receipt, maintenance or transmission of protected health information). Some examples of such services include claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing. | ||
| Line 99: | Line 99: | ||
Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.<br /> | Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.<br /> | ||
<br /> | <br /> | ||
In addition for purposes of this policy. | '''''In addition for purposes of this policy.''''' | ||
===Information Security=== | ===Information Security=== | ||
The set of policies and practices designed to protect PHI from any unauthorized access, use, disclosure, modification, destruction or loss. | The set of policies and practices designed to protect PHI from any unauthorized access, use, disclosure, modification, destruction or loss. | ||
| Line 126: | Line 126: | ||
*UNMC Policy No. 8000, [[Compliance Program]] | *UNMC Policy No. 8000, [[Compliance Program]] | ||
*UNMC Policy No. 8009, [[Contracts]] | *UNMC Policy No. 8009, [[Contracts]] | ||
*UNMC’s[https://guides.unmc.edu/books/hrpp-policies-and-procedures Human Research Protection Program (HRPP) Policies and Procedures], including HRPP Policy 3.4, “Use of Protected Health Information in Research | *UNMC’s [https://guides.unmc.edu/books/hrpp-policies-and-procedures Human Research Protection Program (HRPP) Policies and Procedures], including HRPP Policy 3.4, “Use of Protected Health Information in Research | ||
*Nebraska Medicine Consents and Permits policy, MS14 | *Nebraska Medicine Consents and Permits policy, MS14 | ||
*UNMC [https://info.unmc.edu/its-security/policies/procedures/data-classification.html Data Classification Procedure] | *UNMC [https://info.unmc.edu/its-security/policies/procedures/data-classification.html Data Classification Procedure] | ||
| Line 141: | Line 141: | ||
*[http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures] | *[http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures] | ||
*[http://catalog.unmc.edu/general-information/ Student Handbook] | *[http://catalog.unmc.edu/general-information/ Student Handbook] | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] | |||
*[https://www.cdc.gov/phlp/publications/topic/hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA) | *[https://www.cdc.gov/phlp/publications/topic/hipaa.html Health Insurance Portability and Accountability Act of 1996] (HIPAA) | ||
*[https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] | *[https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] | ||
*[http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA) | *[http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA) | ||
*[http://www.ed.gov/offices/OM/fpco/ferpa/index.html Family Educational Rights and Privacy Act] (FERPA) | *[http://www.ed.gov/offices/OM/fpco/ferpa/index.html Family Educational Rights and Privacy Act] (FERPA) | ||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.pdf?la=en Board of Regents Bylaws] | *University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.pdf?la=en Board of Regents Bylaws] | ||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies] | *University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies] | ||
| Line 156: | Line 155: | ||
*[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook] | *[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook] | ||
*[http://www.unmc.edu/irb/ Institutional Review Board Guidelines] | *[http://www.unmc.edu/irb/ Institutional Review Board Guidelines] | ||
*[https://csrc.nist.gov/Projects/protecting-controlled-unclassified-information/sp-800-171 Protecting Controlled Unclassified Information (CUI) | *[https://csrc.nist.gov/Projects/protecting-controlled-unclassified-information/sp-800-171 Protecting Controlled Unclassified Information] (CUI) | ||
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final Security and Privacy Controls for Information Systems and Organizations] | *[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final Security and Privacy Controls for Information Systems and Organizations] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||