Privacy/Confidentiality: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 28: | Line 28: | ||
Effective Date: '''11/21/03'''<br /> | Effective Date: '''11/21/03'''<br /> | ||
Revised Date: '''08/20/07'''<br /> | Revised Date: '''08/20/07'''<br /> | ||
Reviewed Date: ''' | Reviewed Date: '''DRAFT'''<br /> | ||
<br /> | <br /> | ||
<big>'''Privacy, Confidentiality and Information Security Policy'''</big><br /><br /> | <big>'''Privacy, Confidentiality and Information Security Policy'''</big><br /><br /> | ||
== Basis for Policy == | |||
To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). UNMC workforce and business associates have access to individually identifiable health information (protected health information) and proprietary information. For purposes of this policy, confidential information means protected health information and proprietary information. | |||
== Policy == | |||
It is the policy of UNMC to maintain strict confidentiality and security of protected health information and proprietary information. | |||
== Definitions (as defined by HIPAA 45 CFR 164.501) == | |||
*Affiliated Covered Entity (ACE) means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA. | |||
*Business Associate means a third party who performs services on behalf of UNMC and has access to protected health information (PHI) when performing services; or provides one of the following services for UNMC involving access to PHI: claims processing, data analysis, data processing, practice management, utilization review, quality assurance, billing, benefit management, and repricing. | |||
*Designated record set is the medical record and billing record. | |||
*Individual means the person who is the subject of the protected health information (including UNMC employees who are patients). | |||
*Information Security is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons. | |||
*Protected health information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium that: | |||
:*is created or received by UNMC; and | |||
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. | |||
*Proprietary Information is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; and meeting minutes. | |||
*Workforce means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC. | |||
*Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University. | |||
*Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA). | |||
==Additional Information== | |||
<br /> | |||
For more information, contact the Privacy or Information Security Officers, or see the following resources: | |||
* [http://www.unmc.edu/hipaa/_documents/6045-procedure.doc Privacy, Confidentiality and Information Security Procedures] | |||
* [https://wiki.unmc.edu/index.php/Job_Shadowing_Procedure Job Shadowing Procedures] | |||
* [https://info.unmc.edu/its-security/policies/plan.html Information Security Plan] | |||
* [http://info.unmc.edu/media/its/strohben/HIPAA/UNMCHIPAACompliancePlan_05%20review.pdf HIPAA Compliance Plan] | |||
* [http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures] | |||
* [http://www.unmc.edu/media/compliance/privacy_incident_response_and_breach_notification_procedures.pdf Privacy Incident Response and Breach Notification Procedures] | |||
* [https://nebraska.edu/site-information.html?redirect=true Copyright and Disclaimer] | |||
* [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures] | |||
* [http://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution] | |||
* [http://www.unmc.edu/hr/Proc/Procedures1097.pdf Human Resources Performance Management Procedures] | |||
* [http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures] | |||
* [http://www.unmc.edu/studentservices/_documents/handbook.pdf UNMC Student Handbook: Academic Policies] | |||
* [http://www.unmc.edu/hipaa Health Insurance Portability and Accountability Act of 1996] (HIPAA) | * [http://www.unmc.edu/hipaa Health Insurance Portability and Accountability Act of 1996] (HIPAA) | ||
* [http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA) | * [http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Gramm-Leach-Bliley Act] (GLBA) | ||
Line 76: | Line 92: | ||
* [http://www.unmc.edu/its/ Information Technology Services Procedures] | * [http://www.unmc.edu/its/ Information Technology Services Procedures] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |