University of Nebraska Medical Center

Transporting Protected Health Information: Difference between revisions

Page Discussion

Transporting Protected Health Information (view source)

Revision as of 09:28, August 16, 2023

1,214 bytes added ,  August 16, 2023
m
→‎Definitions:
VisualWikitext
No edit summary
 
(7 intermediate revisions by 2 users not shown)
Line 20: Line 20:
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
width="20">[[Intellectual Property]]</td>
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</tr>
</table>
</table>
<br />
<br />
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Confidential Information]] | [[Protected Health Information (PHI)]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]]
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
<br /><br />
<br /><br />
Policy No.:  '''6073'''<br />
Policy No.:  '''6073'''<br />
Line 29: Line 32:
Revised Date:<br />
Revised Date:<br />
Reviewed Date: <br />
Reviewed Date: <br />
<br />
<big>'''Transporting Protected Health Information Policy'''</big>
<big>'''Transporting Protected Health Information Policy'''</big>
== Policy: ==
== Policy: ==
Line 37: Line 39:
== Definitions: ==
== Definitions: ==
''Transport'' means to physically move PHI (whether on paper, or on mobile digital devices and electronic storage device such as a laptop computer, smartphone, USB/thumb drive or a disk) from one location to another, by any means including by foot, motor vehicle including courier, airplane or other means of transportation. For example: moving a medical record from one clinic to another, from one department to another, from an external research source back to the facility, or from the office to home.
''Transport'' means to physically move PHI (whether on paper, or on mobile digital devices and electronic storage device such as a laptop computer, smartphone, USB/thumb drive or a disk) from one location to another, by any means including by foot, motor vehicle including courier, airplane or other means of transportation. For example: moving a medical record from one clinic to another, from one department to another, from an external research source back to the facility, or from the office to home.
<br \><br \>
<br \><br \>'''Protected Health Information (PHI)'''
''Protected health information'' means information that relates to past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for health care to an individual, which identifies the individual or as to which there is a reasonable basis to believe could be used to identify the individual.
 
Individually identifiable health information including demographic information, collected from an Individual, whether oral or recorded in any medium, that:
 
* is created or received by UNMC/ACE; and
* relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
 
PHI includes genetic information, which includes information about:
 
* an Individual’s genetic tests;
* the genetic tests of an Individual’s family members; or
* the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
 
PHI excludes:
 
* individually identifiable health information of a person who has been deceased for more than fifty (50) years.
* education records covered by the Family Educational Rights and Privacy Act (FERPA); and
* employment records held by UNMC in its role as employer.


== Procedures: ==
== Procedures: ==
Line 49: Line 67:
## If PHI is being accessed from or taken home to work during off-hours, employees' manager/director should be notified and approve such work at home off-hours.
## If PHI is being accessed from or taken home to work during off-hours, employees' manager/director should be notified and approve such work at home off-hours.
## PHI in the home must be secured from access or view by family members and others. Workforce members shall log out of information systems immediately after use and shall secure their login and password so that others cannot use it.
## PHI in the home must be secured from access or view by family members and others. Workforce members shall log out of information systems immediately after use and shall secure their login and password so that others cannot use it.
# Mobile devices must be password protected and encrypted. For additional information, refer to the [http://www.unmc.edu/its/docs/security_enduserdevice.pdf End User Device Procedure] for security of mobile devices such as laptops, USB/thumb drives, etc.
# Mobile devices must be password protected and encrypted. For additional information, refer to the [https://info.unmc.edu/its-security/policies/procedures/enduser.html End User Device Procedure] for security of mobile devices such as laptops, USB/thumb drives, etc.
# If PHI is lost, stolen or improperly accessed by others, immediately notify the ITS Help Desk, Privacy Officer or Information Security Officer. Immediately notify UNMC Security and file a police report if PHI is stolen.
# If PHI is lost, stolen or improperly accessed by others, immediately notify the ITS Help Desk, Privacy Officer or Information Security Officer. Immediately notify UNMC Security and file a police report if PHI is stolen.
# Contact the HIPAA Privacy Office for additional guidance.
# Contact the HIPAA Privacy Office for additional guidance.
For additional information, please contact the [mailto:swrobel@unmc.edu Privacy Officer] or see UNMC Policy #6051, [[Computer Use/Electronic Information | Computer Use and Electronic Information Security Policy]], or UNMC's [http://www.unmc.edu/hipaa/ HIPAA] information pages.
==Additional Information==
*Contact [mailto:dbishop@unmc.edu Privacy Officer]
*See UNMC Policy #6051, [[Computer Use/Electronic Information | Computer Use and Electronic Information Security Policy]]
*See UNMC's [http://www.unmc.edu/hipaa/ HIPAA] information pages
 


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp]
Retrieved from "https://wiki.unmc.edu/index.php/Special:MobileDiff/1656...14231"