Privacy/Confidentiality

From University of Nebraska Medical Center
Revision as of 16:07, July 10, 2017 by Dpanowic (Talk | contribs)

Jump to: navigation, search
Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property


Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training

Policy No.: 6045
Effective Date: 11/21/03
Revised Date: DRAFT
Reviewed Date: DRAFT

Privacy, Confidentiality and Information Security Policy

Basis for Policy

To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). UNMC workforce and business associates have access to individually identifiable health information (protected health information) and proprietary information. For purposes of this policy, confidential information means protected health information and proprietary information.

Policy

It is the policy of UNMC to maintain strict confidentiality and security of protected health information and proprietary information.

Definitions (as defined by HIPAA 45 CFR 164.501)

  • Affiliated Covered Entity (ACE) means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA.
  • Business Associate means a third party who performs services on behalf of UNMC and has access to protected health information (PHI) when performing services; or provides one of the following services for UNMC involving access to PHI: claims processing, data analysis, data processing, practice management, utilization review, quality assurance, billing, benefit management, and repricing.
  • Designated record set is the medical record and billing record.
  • Individual means the person who is the subject of the protected health information (including UNMC employees who are patients).
  • Information Security is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
  • Protected health information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium that:
  • is created or received by UNMC; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
  • Proprietary Information is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; and meeting minutes.
  • Workforce means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
  • Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
  • Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).

Additional Information


This page maintained by dkp.