Third Party Registry: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 33: Line 33:
<big>'''Third Party Registry Selection Policy'''</big><br /><br />
<big>'''Third Party Registry Selection Policy'''</big><br /><br />
==Purpose of Policy==
==Purpose of Policy==
The purpose of this policy is to describe the organization’s requirements for selecting a third party registry to securely and efficiently submit data to in order to achieve organizational goals.   
A third party registry is an external entity that collects electronic medical record (EMR) data for quality or research objectives. The purpose of this policy is to describe the requirements for selecting a third party registry to securely and efficiently submit data while achieving organizational goals.
==Basis for Policy==
In order to ensure that the benefits of participating with submitting data to a third party registry outweigh the risks.   
==Policy==
==Policy==
The following serve as the guiding principles to follow when selecting a vendor:
The following serve as the guiding principles to follow when selecting a vendor:
Line 49: Line 51:
Quantifiable benefits due to specified research goals is the research objective.
Quantifiable benefits due to specified research goals is the research objective.
===Data Collection===
===Data Collection===
Data is efficiently collected.
====Data Quality====
===Secure Storage===
*The third party vendor will provide a quality assurance process to ensure that the collected data is accurate prior to submission.
*The third party vendor will provide a data dictionary that clearly documents that data elements collected and how they will use those data elements
====Workflow====
*The data elements documented within the data dictionary will need to be collected as part of a clinical workflow within OneChart
====Data is secure====
*All vendors and sub-contractors that transfer or store PHI need to be covered under a business associate agreement (BAA)
====Secure Storage====
All vendors and sub-contractors that transfer or store PHI need to be covered under a business associate agreement (BAA).
All vendors and sub-contractors that transfer or store PHI need to be covered under a business associate agreement (BAA).
===Data Policy Committee===
====Data Policy Committee====
The Data Policy Committee will review requests and determines if the benefits of participating within the submission outweighs the risk.
The Data Policy and Governance Committee (Subcommittee of IM Governance Cabinet Research Committee) will review requests and determine if the benefits of participating within the submission outweighs the risk  
==Definitions==
==Definitions==
'''Affiliated Covered Entity (ACE)''' - legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
'''Affiliated Covered Entity (ACE)''' - legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
Line 72: Line 80:
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
*[http://www.unmc.edu/its/security/procedures/thirdparty.html Third Party Registry Procedure]
*[http://www.unmc.edu/its/security/procedures/thirdparty.html Third Party Registry Procedure]
*[http://www.unmc.edu/its/security/forms.html Third Party Registry Form]
*[http://app1.unmc.edu/forms/its/third_party_registry.cfm Third Party Registry Form]


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].