Difference between revisions of "Privacy/Confidentiality"

From University of Nebraska Medical Center
Jump to: navigation, search
Line 27: Line 27:
 
Policy No.: '''6045'''<br />
 
Policy No.: '''6045'''<br />
 
Effective Date: '''11/21/03'''<br />
 
Effective Date: '''11/21/03'''<br />
Revised Date: '''08/20/07'''<br />
+
Revised Date: '''DRAFT'''<br />
 
Reviewed Date: '''DRAFT'''<br />
 
Reviewed Date: '''DRAFT'''<br />
 
<br />
 
<br />
Line 48: Line 48:
 
*Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
 
*Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
 
*Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
 
*Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
 
 
 
 
==Additional Information==
 
==Additional Information==
<br />
+
* Contact the Privacy or [mailto:swelna@unmc.edu Information Security] Officers  
For more information, contact the Privacy or Information Security Officers, or see the following resources: 
+
* [https://www.unmc.edu/spa/ Privacy, Confidentiality and Information Security Procedures]
* [http://www.unmc.edu/hipaa/_documents/6045-procedure.doc Privacy, Confidentiality and Information Security Procedures]
+
 
* [https://wiki.unmc.edu/index.php/Job_Shadowing_Procedure Job Shadowing Procedures]
 
* [https://wiki.unmc.edu/index.php/Job_Shadowing_Procedure Job Shadowing Procedures]
 
* [https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]
 
* [https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]
* [http://info.unmc.edu/media/its/strohben/HIPAA/UNMCHIPAACompliancePlan_05%20review.pdf HIPAA Compliance Plan]
 
 
* [http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]
 
* [http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]
 
* [http://www.unmc.edu/media/compliance/privacy_incident_response_and_breach_notification_procedures.pdf Privacy Incident Response and Breach Notification Procedures]
 
* [http://www.unmc.edu/media/compliance/privacy_incident_response_and_breach_notification_procedures.pdf Privacy Incident Response and Breach Notification Procedures]
Line 66: Line 61:
 
* [http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures]
 
* [http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures]
 
* [http://www.unmc.edu/studentservices/_documents/handbook.pdf UNMC Student Handbook: Academic Policies]
 
* [http://www.unmc.edu/studentservices/_documents/handbook.pdf UNMC Student Handbook: Academic Policies]
 
 
* [http://www.unmc.edu/hipaa Health Insurance Portability and Accountability Act of 1996] (HIPAA)
 
* [http://www.unmc.edu/hipaa Health Insurance Portability and Accountability Act of 1996] (HIPAA)
 
* [http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA)
 
* [http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA)
 
* [http://www.ed.gov/offices/OM/fpco/ferpa/index.html Family Educational Rights and Privacy Act] (FERPA)
 
* [http://www.ed.gov/offices/OM/fpco/ferpa/index.html Family Educational Rights and Privacy Act] (FERPA)
* Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-147
+
* Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470
 
* Nebraska Rev. Statutes § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
 
* Nebraska Rev. Statutes § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
* [http://www.nebraska.edu/bylaws-and-policies.html Board of Regents Bylaws]
+
* [http://www.nebraska.edu/bylaws-and-policies.html Board of Regents Bylaws and Policies]
* [https://nebraska.edu/docs/board/RegentPolicies.pdf Board of Regents Policies]
+
 
* [http://www.nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Executive Memorandum No. 16, Responsible Use of Information Resources, Technology and Networks]
 
* [http://www.nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Executive Memorandum No. 16, Responsible Use of Information Resources, Technology and Networks]
 
* [https://nebraska.edu/docs/president/22%20Public%20Record%20Requests.pdf Executive Memorandum No. 22, Public Record Requests]
 
* [https://nebraska.edu/docs/president/22%20Public%20Record%20Requests.pdf Executive Memorandum No. 22, Public Record Requests]
Line 81: Line 74:
 
* [http://wiki.unmc.edu/index.php?title=Privacy/Information_Security UNMC Privacy and Information Security Policies]
 
* [http://wiki.unmc.edu/index.php?title=Privacy/Information_Security UNMC Privacy and Information Security Policies]
 
* [http://wiki.unmc.edu/index.php?title=Reproducing_Copyrighted_Materials UNMC Policy No. 6036, Reproduction of Copyrighted Materials Policy]
 
* [http://wiki.unmc.edu/index.php?title=Reproducing_Copyrighted_Materials UNMC Policy No. 6036, Reproduction of Copyrighted Materials Policy]
* [http://wiki.unmc.edu/index.php?title=Student_Training_Agreement UNMC Policy No. 6052, Contract or Agreement for Student Training Policy]
+
* [http://wiki.unmc.edu/index.php?title=Student_Training_Agreement UNMC Policy No. 6052, Contract or Agreement for Student Training Policy]* [http://wiki.unmc.edu/index.php?*[title=Human_Resources_-_Procedures UNMC Human Resources Procedures]
* [http://info.unmc.edu/index.php?title=wiki/index.php/Faculty_Handbook UNMC Faculty Handbook]
+
* [http://www.unmc.edu/studentservices/_documents/handbook.pdf UNMC Student Handbook]: Academic Policies
+
* [http://wiki.unmc.edu/index.php?title=Human_Resources_-_Procedures UNMC Human Resources Procedures]
+
* [http://www.unmc.edu/cctr/ Clinical Research Center Guidebook]
+
* Eppley Cancer Center Scientific Review Committee Policies and Procedures
+
 
* [http://www.unmc.edu/com/about/gme/gme-housestaff.pdf University of Nebraska Residency Program Policies and Procedures]
 
* [http://www.unmc.edu/com/about/gme/gme-housestaff.pdf University of Nebraska Residency Program Policies and Procedures]
* [http://www.unmc.edu/spa/ Sponsored Programs Administration Policies and Procedures]
+
* [https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]
 
* [http://www.unmc.edu/irb/ Institutional Review Board Guidelines]
 
* [http://www.unmc.edu/irb/ Institutional Review Board Guidelines]
 
* [http://www.unmc.edu/its/ Information Technology Services Procedures]
 
* [http://www.unmc.edu/its/ Information Technology Services Procedures]

Revision as of 16:07, July 10, 2017

Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property


Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training

Policy No.: 6045
Effective Date: 11/21/03
Revised Date: DRAFT
Reviewed Date: DRAFT

Privacy, Confidentiality and Information Security Policy

Basis for Policy

To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). UNMC workforce and business associates have access to individually identifiable health information (protected health information) and proprietary information. For purposes of this policy, confidential information means protected health information and proprietary information.

Policy

It is the policy of UNMC to maintain strict confidentiality and security of protected health information and proprietary information.

Definitions (as defined by HIPAA 45 CFR 164.501)

  • Affiliated Covered Entity (ACE) means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA.
  • Business Associate means a third party who performs services on behalf of UNMC and has access to protected health information (PHI) when performing services; or provides one of the following services for UNMC involving access to PHI: claims processing, data analysis, data processing, practice management, utilization review, quality assurance, billing, benefit management, and repricing.
  • Designated record set is the medical record and billing record.
  • Individual means the person who is the subject of the protected health information (including UNMC employees who are patients).
  • Information Security is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
  • Protected health information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium that:
  • is created or received by UNMC; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
  • Proprietary Information is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; and meeting minutes.
  • Workforce means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
  • Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
  • Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).

Additional Information


This page maintained by dkp.