Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions

From University of Nebraska Medical Center
No edit summary
(add Faculty tab)
(20 intermediate revisions by 2 users not shown)
Line 20: Line 20:
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
width="20">[[Intellectual Property]]</td>
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</tr>
</table>
</table>
<br />
<br />
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Confidential Information]] | [[Protected Health Information (PHI)]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]]
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
<br /><br />
<br /><br />
POLICY NO: '''6056'''<br />
Policy No.: '''6056'''<br />
EFFECTIVE DATE: '''03/17/03'''<br />
Effective Date: '''03/17/03'''<br />
<br />
Revised Date: '''05/22/17''' <br />
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big>
Reviewed Date: '''05/22/17'''
NOTE: These guidelines are provided to assist UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Those departments and clinics which fall under the jurisdiction of  The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.<br />
<br /><br />
<br />  
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big>
=== Basis for Policy ===
== Basis for Policy ==
<br />
<br />
Retention and subsequent destruction/disposal of proprietary and protected health information are governed by federal and state regulations and University policies and procedures. These regulations and guidelines include, but may not be limited to:
Retention and subsequent destruction/disposal of proprietary and protected health information are governed by federal and state regulations and University policies and procedures. These regulations and guidelines include, but may not be limited to:
   
*Health Insurance Portability and Accountability Act of 1996 (HIPAA)
* Health Insurance Portability and Accountability Act of 1996 (HIPAA)
*Executive Memorandum No. 27, HIPAA Compliance Policy
*     Executive Memorandum No. 27, HIPAA Compliance Policy
*Board of Regents Bylaws
*     Board of Regents Bylaws
*Board of Regents Policies
*     Board of Regents Policies
*Privacy, Confidentiality and Information Security Policy
*     Privacy, Confidentiality and Information Security Policy
*Institutional Review Board Guidelines, Retention of Research Records for Non-Exempt Research
*     Institutional Review Board Guidelines, Retention of Research Records for Non-Exempt Research
*Information Technology Services Procedures
*     Information Technology Services Procedures
*[http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]
*     [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]<br />
==Policy==
<br />
===Retention===
=== Policy ===
It is the policy of the University of Nebraska Medical Center (UNMC) and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention, and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the UNMC Record Retention Schedule. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.
<br />
'''Retention'''


It is the policy of the University of Nebraska Medical Center (UNMC) and its affiliated entities to ensure the privacy and security of proprietary and protected health information in the maintenance, retention, and eventual destruction/disposal of such media. All destruction/disposal of patient health information media will be done in accordance with federal and state law and pursuant to the UNMC Record Retention Schedule. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.  
The retention schedule for destruction/disposal shall be suspended for records involved in any open investigation, audit, or litigation, as well as where specific contract provisions specify record retentions requirements.  


The retention schedule for destruction/disposal shall be suspended for records involved in any open investigation, audit, or litigation. Individuals who know or suspect that confidentiality has been breached by another person or persons have a responsibility to report the breach to the respective supervisor or administrator or to the Human Resources Department. Employees should not confront the individual under suspicion or initiate investigations on their own, as such actions could compromise any ensuing investigation. All individuals are to cooperate fully with those performing an investigation pursuant to this policy.  
Individuals who know or suspect that confidentiality has been breached by another person or persons have a responsibility to report the breach to the respective supervisor or administrator or to the Human Resources Department. Employees should not confront the individual under suspicion or initiate investigations on their own, as such actions could compromise any ensuing investigation. All individuals are to cooperate fully with those performing an investigation pursuant to this policy.  


'''Disposal/Destruction'''
If a preservation notice is received, the record retention schedule shall be suspended until the preservation notice terminates.
===Disposal/Destruction===
All paper waste must be placed in a recycling container. UNMC will ensure that all confidential paper waste is secured from the time it is collected until the time it is shredded by the selected vendor. 


Department administration shall determine what information entrusted to their department is private and/or confidential and shall communicate methods of protecting that information through the destruction/disposal process to appropriate persons associated with their department.
Records scheduled for destruction/disposal should be secured against unauthorized or inappropriate access until the destruction/disposal of information is complete.


All paper waste must be placed in a recycling container. Environmental Services (EVS)is responsible for the security, transport and storage of confidential paper waste from internal customer locations.  EVS will secure the confidential waste in locked containers provided by the UNMC Recycling Center.  All confidential waste containers will be secured on the dock areas or at the collection points designated by department policy.  As recycling containers are transported on the trucks to the Recycling Center, they will be the responsibility of the UNMC Recycling Center staff.  The UNMC Recycling Center will be responsible for disposing of the recycled material in a secure manner and ensuring that all documentation necessary for demonstrating compliance with regulations is maintained.Failure to appropriately dispose of/destroy private or confidential information may result in sanctions, civil or criminal prosecution and penalties, scholastic or employment corrective action which could lead to dismissal or, as it relates to health care professionals or others outside of UNMC, suspension or revocation of all access privileges.  
Failure to appropriately dispose of/destroy private or confidential information may result in sanctions, civil or criminal prosecution and penalties, scholastic or employment corrective action which could lead to dismissal or, as it relates to health care professionals or others outside of UNMC, suspension or revocation of all access privileges.  
 
===Definitions===
'''Definitions'''  
'''Information''' is data presented in readily comprehensible form.  (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.)  Information may be stored or transmitted via electronic media, on paper or other tangible media, or be known by individuals or groups.  Information generated in the course of University operations is a valuable asset of the University and belongs to the University.  
 
Information is data presented in readily comprehensible form.  (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.)  Information may be stored or transmitted via electronic media, on paper or other tangible media, or be known by individuals or groups.  Information generated in the course of University operations is a valuable asset of the University and belongs to the University.  
 
Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records:
   
* Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*    Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by UNMC, The Nebraska Medical Center, UMA and UDA.  (NOTE: The HIPAA privacy regulation does not apply to education records covered by FERPA.)<br />
 
Protected Health Information (PHI) is individually identifiable health information.  Health information means any information, whether oral or recorded in any medium, that:
<br />
   
* is created or received by UNMC; and
*    relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
<br />
<br />


Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.  
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records: 
*'''Employee records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, §3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*'''Student education records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). <br />
Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by UNMC, The Nebraska Medical Center, UMA and UDA.  (NOTE: The HIPAA privacy regulation does not apply to education records covered by FERPA.)


For additional information, contact Sheila Wrobel, Privacy Officer, or see Privacy, Confidentiality and Information Security Procedures contained in the following resources:<br />
'''Protected Health Information''' (PHI) is individually identifiable health information.  Health information means any information, whether oral or recorded in any medium, that:  
   
*is created or received by UNMC; and
* UNMC Privacy, Confidentiality and Information Security Procedures
*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
*     UNMC Destruction of Private and Confidential Information Procedures
Records containing PHI, in any form, may not be deleted. PHI contained in the medical record must be accessible at all times.
*    Laboratory Notebook Maintenance Procedures<br />
<br />


This policy contains minor revisions to UNMC Policy #6056, issued on 03/17/03.<br />
==Additional Information==
*Contact the [mailto:infosecurity@unmc.edu Information Security Office]
*Procedure No. 6056, [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information]
*[http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]


This page updated on Monday, February 16, 2004, by dkp.
This page maintained by [mailto:dpanowic@unmc.edu dkp].
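Review bot: In Definitions, the sentence "Records containing PHI, in any form, may not be deleted", which the current revision carries in place of the earlier PHI ownership sentences, conflicts on its face with the Retention paragraph's "Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner". Suggest stating the scope of the no-deletion rule and moving it out of Definitions into the Retention section, since it is a requirement rather than a definition. Separately, the added clause "specify record retentions requirements" should read "record retention requirements".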

Revision as of 12:53, August 2, 2019


Policy No.: 6056
Effective Date: 03/17/03
Revised Date: 05/22/17
Reviewed Date: 05/22/17

Retention and Destruction/Disposal of Private and Confidential Information Policy

Basis for Policy

Retention and subsequent destruction/disposal of proprietary and protected health information are governed by federal and state regulations and University policies and procedures. These regulations and guidelines include, but may not be limited to:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Executive Memorandum No. 27, HIPAA Compliance Policy
  • Board of Regents Bylaws
  • Board of Regents Policies
  • Privacy, Confidentiality and Information Security Policy
  • Institutional Review Board Guidelines, Retention of Research Records for Non-Exempt Research
  • Information Technology Services Procedures
  • UNMC Record Retention Schedule

Policy

Retention

It is the policy of the University of Nebraska Medical Center (UNMC) and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention, and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the UNMC Record Retention Schedule. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.

The retention schedule for destruction/disposal shall be suspended for records involved in any open investigation, audit, or litigation, as well as where specific contract provisions specify record retention requirements.

Individuals who know or suspect that confidentiality has been breached by another person or persons have a responsibility to report the breach to the respective supervisor or administrator or to the Human Resources Department. Employees should not confront the individual under suspicion or initiate investigations on their own, as such actions could compromise any ensuing investigation. All individuals are to cooperate fully with those performing an investigation pursuant to this policy.

If a preservation notice is received, the record retention schedule shall be suspended until the preservation notice terminates.

Disposal/Destruction

All paper waste must be placed in a recycling container. UNMC will ensure that all confidential paper waste is secured from the time it is collected until the time it is shredded by the selected vendor.

Records scheduled for destruction/disposal should be secured against unauthorized or inappropriate access until the destruction/disposal of information is complete.

Failure to appropriately dispose of/destroy private or confidential information may result in sanctions, civil or criminal prosecution and penalties, scholastic or employment corrective action which could lead to dismissal or, as it relates to health care professionals or others outside of UNMC, suspension or revocation of all access privileges.

Definitions

Information is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media, on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and belongs to the University.

Proprietary information refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records and student records:

  • Employee records refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, §3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
  • Student education records means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution).

Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by UNMC, The Nebraska Medical Center, UMA and UDA. (NOTE: The HIPAA privacy regulation does not apply to education records covered by FERPA.)

Protected Health Information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:

  • is created or received by UNMC; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Records containing PHI, in any form, may not be deleted. PHI contained in the medical record must be accessible at all times.

Additional Information

This page maintained by dkp.