Privacy/Confidentiality: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 72: Line 72:
:*Transferring confidential information in any form without both parties having a need to know.
:*Transferring confidential information in any form without both parties having a need to know.
*The ACE shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches.
*The ACE shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches.
*All employees, medical staff, allied health practitioners and members of the workforce with access to confidential information shall sign a[https://www.unmc.edu/hipaa/policies/6045-exhibit-a-statement-of-understanding.pdf Statement of Understanding, Exhibit A] upon initial employment/work/appointment/credentialing.
*All employees, medical staff, allied health practitioners and members of the workforce with access to confidential information shall sign a [https://www.unmc.edu/hipaa/policies/6045-exhibit-a-statement-of-understanding.pdf Statement of Understanding, Exhibit A] upon initial employment/work/appointment/credentialing.
*Workforce members who suspect a privacy or information security violation must report it immediately to their respective manager and the Privacy and/or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 866-568-5430. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the System Chief Medical Officer.
*Workforce members who suspect a privacy or information security violation must report it immediately to their respective manager and the Privacy and/or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 866-568-5430. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the System Chief Medical Officer.
*Sanctions for violations of privacy or information security may include revocation of medical staff privileges, allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]). Civil and criminal fines and penalties can also be levied under HIPAA.
*Sanctions for violations of privacy or information security may include revocation of medical staff privileges, allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]). Civil and criminal fines and penalties can also be levied under HIPAA.