Privacy/Confidentiality: Difference between revisions

no edit summary
Line 43: Line 43:
:*is created or received by ACE; and
:*is created or received by ACE; and
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
==Definitions==
==Other Definitions==
*'''Controlled Unclassified Information (CUI)''' is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
*'''Controlled Unclassified Information (CUI)''' is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
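Review bot: Renaming the heading from "Definitions" to "Other Definitions" changes the section anchor, since MediaWiki derives anchors from the heading text, so any existing link to the "Definitions" section of this page will stop resolving to it. "Other" also only reads correctly if the preceding material (the bullets ending "is created or received by ACE; and ... relates to the past, present, or future physical or mental health ...") is itself presented as a definition. Suggest confirming that the preceding section is headed accordingly and checking inbound section links before keeping the rename.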
Line 60: Line 60:
:*Right to file a complaint internally with the Nebraska Medicine Patient Relations Department, the Office of the Assistant Dean for Patient Services (College of Dentistry), or with the U.S. Department of Health and Human Services Office for Civil Rights. (See UNMC Policy Nos. 6058, [[Notice of Privacy Practices]] and 6062, [[Patient/Consumer Complaints]]).
:*Right to file a complaint internally with the Nebraska Medicine Patient Relations Department, the Office of the Assistant Dean for Patient Services (College of Dentistry), or with the U.S. Department of Health and Human Services Office for Civil Rights. (See UNMC Policy Nos. 6058, [[Notice of Privacy Practices]] and 6062, [[Patient/Consumer Complaints]]).
*Individuals shall not be asked to waive these rights as a condition of receiving treatment.
*Individuals shall not be asked to waive these rights as a condition of receiving treatment.
*The ACE is responsible for safeguarding and protecting confidential information against loss, tampering, and disclosure to unauthorized individuals. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*The ACE is responsible for safeguarding and protecting PHI against loss, tampering, and disclosure to unauthorized individuals. The safeguarding of PHI in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*ACE workforce have a duty to protect PHI. Breach of this duty includes the following:
*ACE workforce have a duty to protect PHI. Breach of this duty includes the following:
:*Accessing PHI, in any form, without a "need to know" to perform assigned duties.  Workforce members with medical information system access may view their own individual medical records. Workforce members may not print copies of their own records nor access records of family members (including children), relatives, friends and others, unless access is necessary to perform assigned duties. Workforce members may obtain a copy of their medical records from the Health Information Management Department. Workforce may not alter their own medical record.
:*Accessing PHI, in any form, without a "need to know" to perform assigned duties.  Workforce members with medical information system access may view their own individual medical records. Workforce members may not print copies of their own records nor access records of family members (including children), relatives, friends and others, unless access is necessary to perform assigned duties. Workforce members may obtain a copy of their medical records from the Health Information Management Department. Workforce may not alter their own medical record.
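Review bot: In the safeguarding bullet, replacing "confidential information" with "PHI" in both sentences narrows the stated duty, while the page's own definitions also cover Controlled Unclassified Information and Employee Records. After this change the bullet no longer says that the ACE safeguards those categories against loss, tampering and unauthorized disclosure, including in storage and transfer outside the facility. If the narrowing is intended because this section is only about patient rights, suggest confirming that an equivalent statement exists for the other categories. Otherwise wording such as "confidential information, including PHI" keeps the original scope.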
Line 146: Line 146:
*Workforce members who suspect a breach of confidentiality regarding controlled unclassified information shall report the breach to the Privacy Office and/or Information Security Office.  
*Workforce members who suspect a breach of confidentiality regarding controlled unclassified information shall report the breach to the Privacy Office and/or Information Security Office.  
===Research Information===
===Research Information===
*Members of the workforce have a duty to protect confidential information produced while performing research. Breach of this duty includes the following:  
*PHI and other sensitive data, such as student information or business information, may be elements of authorized research. Members of the workforce have a duty to protect confidential information produced while performing research.  
:*Disclosure of PHI to unauthorized persons or entities not included in the Authorization for Release of Information
*Health outcomes and quality improvement projects performed with data from the Nebraska Medicine enterprise may be exempt from IRB review and approval but publication of those results will require IRB approval. Any questions should be directed to the IRB, and questions of ethical access to the data to specific individuals or groups can be referred to the privacy officer or IRB.
*Research with PHI generated within Nebraska Medicine or other UNMC affiliated entities or received by UNMC from other entities. Research personnel need to follow all relevant policies for use of those records, including restrictions on sharing with any individuals that have not received human subjects training and/or authorization by IRB protocol.
*De-identified data used for research is proprietary information and should still be stored and shared safely.
*Research PHI generated by other entities and sent to UNMC. When UNMC receives data containing PHI from another or a group of institutions for the purposes of analysis or storage, such as when UNMC serves as a coordinating center for a collaboration, a multicenter trial, or UNMC conducts data analysis, PHI received should be stored securely and shared only with those individuals approved by the IRB protocol and in accordance with the business contract.
*Breach of confidentiality includes the following:  
:*Disclosure of PHI to unauthorized persons or entities not included in the Authorization for Release of Information, if requested for specific data sets OR
:*Disclosure of research results linked to human subjects to persons or entities not authorized in the Institutional Review Board (IRB) approved protocol
:*Disclosure of research results linked to human subjects to persons or entities not authorized in the Institutional Review Board (IRB) approved protocol
*Workforce members who suspect a breach of confidentiality regarding human subjects' research information shall report the breach to the IRB office and/or the Privacy Office.
*Workforce members who suspect a breach of confidentiality regarding human subjects’ research information shall report the breach to the IRB office for research data sets sent to UNMC from outside entities and/or the Privacy Office for data sets generated within Nebraska Medicine or affiliated entities.  
==Additional Information==
==Additional Information==
*UNMC Policy No. 6045, Privacy, Confidentiality and Security of Patient and Proprietary Information corresponds to Nebraska Medicine Policy IM06
*Note: Corresponds to Nebraska Medicine Policy IM06
=*Contact the [mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer], 402-559-9576, or the UNMC Compliance Office at 402-559-6767
*Contact the [mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer], 402-559-9576, or the UNMC Compliance Office at 402-559-6767
*Contact the [mailto:debrbishop@nebraskamed.com Privacy] or [mailto:libazis@nebraskamed.com Information Security] Officers  
*Contact the [mailto:debrbishop@nebraskamed.com Privacy] or [mailto:libazis@nebraskamed.com Information Security] Officers  
*Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations  
*Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations  
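Review bot: In the Research Information hunk, the revised reporting bullet splits the destination by data origin ("the IRB office for research data sets sent to UNMC from outside entities and/or the Privacy Office for data sets generated within Nebraska Medicine or affiliated entities") but keeps "and/or". That leaves it unclear whether a reporter must determine the data's origin before reporting, or may report to either office. Suggest stating one default contact for cases where the origin is not known. Two wording points in the same hunk: the first breach sub-bullet now ends in a dangling "OR" although the next sub-bullet is a separate list item, and the bullets beginning "Research with PHI generated within Nebraska Medicine ..." and "Research PHI generated by other entities and sent to UNMC." open with sentence fragments that read like lost headings. The new bullet on de-identified data says it "should still be stored and shared safely" without pointing to a policy that defines what that requires, unlike the other bullets, which cite policy numbers.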
