|Human Resources||Safety/Security||Research Compliance||Compliance||Privacy/Information Security||Business Operations||Intellectual Property|
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training
Policy No.: 6045
Effective Date: 11/21/03
Revised Date: DRAFT
Reviewed Date: DRAFT
Privacy, Confidentiality and Information Security Policy
Basis for Policy
To maintain the privacy, confidentiality and security of patient and proprietary information and comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). UNMC workforce and business associates have access to individually identifiable health information (protected health information) and proprietary information. For purposes of this policy, confidential information means protected health information and proprietary information.
It is the policy of UNMC to maintain strict confidentiality and security of protected health information and proprietary information.
Definitions (as defined by HIPAA 45 CFR 164.501)
- Affiliated Covered Entity (ACE) means University of Nebraska Medical Center, The Nebraska Medical Center, UNMC Physicians, University Dental Associates, Bellevue Medical Center and The Nebraska Pediatric Practice Plan as one covered entity for the purpose of sharing PHI under HIPAA.
- Business Associate means a third party who performs services on behalf of UNMC and has access to protected health information (PHI) when performing services; or provides one of the following services for UNMC involving access to PHI: claims processing, data analysis, data processing, practice management, utilization review, quality assurance, billing, benefit management, and repricing.
- Designated record set is the medical record and billing record.
- Individual means the person who is the subject of the protected health information (including UNMC employees who are patients).
- Information Security is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
- Protected health information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium that:
- is created or received by UNMC; and
- relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
- Proprietary Information is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; and meeting minutes.
- Workforce means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
- Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
- Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
- Contact the Privacy or Information Security Officers
- Privacy, Confidentiality and Information Security Procedures
- Job Shadowing Procedures
- Information Security Plan
- Telehealth Procedures
- Privacy Incident Response and Breach Notification Procedures
- Copyright and Disclaimer
- Destruction of Private and Confidential Information Procedures
- Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution
- Human Resources Performance Management Procedures
- UNMC Faculty Handbook: Operating Procedures
- UNMC Student Handbook: Academic Policies
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Family Educational Rights and Privacy Act (FERPA)
- Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470
- Nebraska Rev. Statutes § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
- Board of Regents Bylaws and Policies
- Executive Memorandum No. 16, Responsible Use of Information Resources, Technology and Networks
- Executive Memorandum No. 22, Public Record Requests
- Executive Memorandum No. 26, Information Security Plan
- Executive Memorandum No. 27, HIPAA Compliance Policy
- UNMC Policy No. 8000, Compliance Program
- UNMC Privacy and Information Security Policies
- UNMC Policy No. 6036, Reproduction of Copyrighted Materials Policy
- UNMC Policy No. 6052, Contract or Agreement for Student Training Policy
- UNMC Human Resources Procedures
- University of Nebraska Residency Program Policies and Procedures
- Research Handbook
- Institutional Review Board Guidelines
- Information Technology Services Procedures
This page maintained by dkp.