Privacy/Confidentiality: Difference between revisions

Privacy/Confidentiality (view source)

Revision as of 14:54, November 29, 2022

756 bytes added , November 29, 2022

no edit summary

VisualWikitext

Dpanowic

Administrators

2,654

edits

@@ Line 30: / Line 30: @@
 Policy No.: '''6045'''<br />
 Effective Date: '''11/21/03'''<br />
-Revised Date: '''09/09/22 draft'''<br />
+Revised Date: '''11/29/22 draft'''<br />
 Reviewed Date: ''' '''<br />
 <br />
@@ Line 70: / Line 70: @@
 ##Records signed out to the attending physician's office or other authorized areas shall be returned to the Health Information Management Department as soon as possible (preferably by 5:00 pm each working day).
 #Editing, authenticating and correcting the medical record.
-##Please reference, policy, “Contents of Medical Record”, for editing and authenticating the medical record.'''(Nebraska Medicine Policy number??)'''
+##See Nebraska Medicine Policy, “Contents of Medical Record”, for editing and authenticating the medical record.'''(Nebraska Medicine Policy number??)'''
-#Business Associate agreements/addenda shall be executed with each Business Associate (
+#[https://wiki.unmc.edu/index.php/Business_Associate_Agreements_and_Addendums_Procedures A Business Associate Agreement or Addenda] shall be executed with each Business Associate
 #Human Subjects Research shall be conducted in accordance with UNMC’s [https://guides.unmc.edu/books/hrpp-policies-and-procedures Human Research Protection Program (HRPP) Policies and Procedures], including HRPP Policy 3.4, “Use of Protected Health Information in Research" and UNMC Policy No. 6057, [[Use and Disclosure of Protected Health Information]].
 #Retention of the designated record set and other protected health information shall be in accordance with federal, state and local laws and regulatory association guidelines. Documents required to demonstrate HIPAA compliance shall be retained for a period of six years.
 == Definitions  ==
 ===Affiliated Covered Entity (ACE)===
-Legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.
+Legally separate covered entities that are affiliated and designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center and Nebraska Pediatric Practice, Inc. d/b/a Children’s Specialty Physicians. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members. Access and amendment rights apply to designated record sets throughout the ACE.
 ===Business Associate===
-A third party that performs services on behalf of Nebraska Medicine/UNMC (that involve the creation, receipt, maintenance or transmission of protected health information). Some examples of such services include claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing.
+A third party who performs services on behalf of Nebraska Medicine/UNMC that involve the creation, receipt, maintenance or transmission of PHI. Some examples of such services include claims processing, data analysis, data processing, practice management, utilization review, quality assurance, patient safety activities, billing, benefit management and repricing.
 ===Designated Record Set (DRS)===
 Includes medical records and billing records about Individuals maintained by or for UNMC/ACE and any other record used by an ACE entity to make decisions about Individuals. Exact duplicates of records maintained by business associates are not considered part of the DRS.
 ===Individual===
-The person who is the subject of the PHI. Personal representatives of the patient have the same rights as the Individual under HIPAA (i.e., they “step into the shoes” of the Individual). Personal representatives include the legal guardian and anyone else authorized by law to act on behalf of the Individual. Reference Nebraska Medicine Consents and Permits policy, MS14.
+The person who is the subject of the PHI. Personal representatives of the patient have the same rights as the Individual under HIPAA (i.e., they “step into the shoes” of the Individual). Personal representatives include the legal guardian and anyone else authorized by law to act on behalf of the Individual. (See Nebraska Medicine Consents and Permits policy, MS14).
 ===Protected Health Information (PHI)===
 Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:
-*is created or received by UNMC/Nebraska Medicine; and
+*is created or received by UNMC/ACE; and
 *relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
 PHI includes genetic information, which includes information about the following items (and excludes information about an Individual’s sex or age):
@@ Line 97: / Line 97: @@
 *employment records held by UNMC in its role as employer.
 ===Workforce===
-Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.<br />
+Employees, medical staff, volunteers, trainees and other persons whose conduct, in the performance of work for Nebraska Medicine/UNMC, is under the direct control of Nebraska Medicine/UNMC, whether or not they are paid by Nebraska Medicine/UNMC.<br />
 <br />
 '''''In addition for purposes of this policy.'''''
@@ Line 126: / Line 126: @@
 *UNMC Policy No. 8000, [[Compliance Program]]
 *UNMC Policy No. 8009, [[Contracts]]
+*[https://wiki.unmc.edu/index.php/Business_Associate_Agreements_and_Addendums_Procedures Business Associate Agreements and Addendums Procedures]
 *UNMC’s [https://guides.unmc.edu/books/hrpp-policies-and-procedures Human Research Protection Program (HRPP) Policies and Procedures], including HRPP Policy 3.4, “Use of Protected Health Information in Research
 *Nebraska Medicine Consents and Permits policy, MS14
@@ Line 152: / Line 153: @@
 *[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf Executive Memorandum No. 26, Information Security Plan - Gramm Leach Bliley Compliance]
 *[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf Executive Memorandum No. 27, HIPAA Compliance Policy]
+*Executive Memorandum No. 41, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-research-and-data-security.pdf Policy on Research Data and Security]
+*Executive Memorandum No. 42, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-on-risk-classification-and-minimum-security-standards.pdf Policy on Risk Classification and Minimum Security Standards]
 *[https://www.unmc.edu/com/about/gme/housestaffmanual.pdf University of Nebraska Affiliated Hospital House Staff Manual 2022 – 2023]
 *[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]

Privacy/Confidentiality: Difference between revisions

Privacy/Confidentiality (view source)

Revision as of 14:54, November 29, 2022

Navigation menu

Search