2,654
edits
Privacy/Confidentiality: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 27: | Line 27: | ||
Policy No.: '''6045'''<br /> | Policy No.: '''6045'''<br /> | ||
Effective Date: '''11/21/03'''<br /> | Effective Date: '''11/21/03'''<br /> | ||
Revised Date: ''' | Revised Date: '''08/23/18'''<br /> | ||
Reviewed Date: ''' | Reviewed Date: '''08/23/18'''<br /> | ||
<br /> | <br /> | ||
<big>'''Privacy, Confidentiality and Security of Patient and Proprietary Information Policy'''</big><br /><br /> | <big>'''Privacy, Confidentiality and Security of Patient and Proprietary Information Policy'''</big><br /><br /> | ||
| Line 44: | Line 44: | ||
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. | :*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. | ||
==Other Definitions== | ==Other Definitions== | ||
*'''Controlled Unclassified Information (CUI)''' is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. | *'''Controlled Unclassified Information (CUI)''' is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government wide policies but is not classified under U.S. Presidential Executive Order 13526 or the Atomic Energy Act, as amended. | ||
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University. | *'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University. | ||
*'''Information Security''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons. | *'''Information Security''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons. | ||
*'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; student records; and meeting minutes. | *'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; student records; and meeting minutes. | ||
*'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person | *'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person who is employed by UNMC by virtue of his or her status as a student at UNMC(e.g. work study, assistantships, resident assistants), (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA). | ||
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC. | *'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC. | ||
==Procedures== | ==Procedures== | ||
| Line 203: | Line 203: | ||
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations] | *[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations] | ||
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations - Moderate Standards] | *[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations - Moderate Standards] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||