University of Nebraska Medical Center

Use and Disclosure of Protected Health Information: Difference between revisions

Page Discussion

Use and Disclosure of Protected Health Information (view source)

Revision as of 11:07, June 24, 2013

68 bytes removed ,  June 24, 2013
no edit summary
VisualWikitext
No edit summary
Line 41: Line 41:
== Definitions ==
== Definitions ==
<br />  
<br />  
'''Treatment''' means the provision, coordination of management of healthcare and related services by one or more healthcare providers, including the coordination or management of healthcare by a healthcare provider with a third party; consultation between healthcare providers relating to a patient; or the referral of a patient for healthcare from one healthcare provider to another.
'''Treatment''' means the provision, coordination or management of healthcare and related services by one or more healthcare providers, including the coordination or management of healthcare by a healthcare provider with a third party; consultation between healthcare providers relating to a patient; or the referral of a patient for healthcare from one healthcare provider to another.


'''Payment''' means activities undertaken by a healthcare provider or health plan to obtain reimbursement for the provision of healthcare. Activities include determinations of insurance coverage, premiums, provision of benefits under a health plan, adjudication of health benefit claims, billing, collection activities, claims management, medical data processing, medical necessity determinations, utilization review activities including pre-certification and pre-authorization, disclosure to consumer reporting agencies related to collection of premiums or reimbursement, and healthcare data processing related to the above listed activities
'''Payment''' means activities undertaken by a healthcare provider or health plan to obtain reimbursement for the provision of healthcare. Activities include determinations of insurance coverage, premiums, provision of benefits under a health plan, adjudication of health benefit claims, billing, collection activities, claims management, medical data processing, medical necessity determinations, utilization review activities including pre-certification and pre-authorization, disclosure to consumer reporting agencies related to collection of premiums or reimbursement, and healthcare data processing related to the above listed activities


'''Healthcare operations''' means the following activities related to UNMC’s function as an affiliated healthcare provider and sponsor of a self-insured health plan:
'''Healthcare operations''' means the following activities related to UNMC’s function as an affiliated healthcare provider:
      
      
:#Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; otherwise these activities may be classified as research if PHI is included
:#Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; otherwise these activities may be classified as research if PHI is included
Line 95: Line 95:
Protected Health Information (PHI) may be used and disclosed by the ACE for its own treatment, payment and healthcare operations (as defined above).  These entities may share PHI with one another without patient authorization to conduct business on behalf of the organizations.
Protected Health Information (PHI) may be used and disclosed by the ACE for its own treatment, payment and healthcare operations (as defined above).  These entities may share PHI with one another without patient authorization to conduct business on behalf of the organizations.
:#Care providers may share medical information with the individual and other people that individual would like to be involved in his/her care (i.e. family members, other relatives, friends, etc.).  If possible, care providers should obtain the individual’s permission to share information with others during the course of treatment.  However, care providers may use their professional judgment and reasonably infer from the circumstances that an individual does not object to sharing information with others who may visit or call on the telephone.  Only information relevant to such person’s involvement with the individual’s care should be shared.
:#Care providers may share medical information with the individual and other people that individual would like to be involved in his/her care (i.e. family members, other relatives, friends, etc.).  If possible, care providers should obtain the individual’s permission to share information with others during the course of treatment.  However, care providers may use their professional judgment and reasonably infer from the circumstances that an individual does not object to sharing information with others who may visit or call on the telephone.  Only information relevant to such person’s involvement with the individual’s care should be shared.
:#The ACE may disclose a decedent’s PHI to family member and other who were involved in the care of payment for care of the decedent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual.
:#The ACE may disclose a decedent’s PHI to family members and others who were involved in the care or payment for care of the decedent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual.


The ACE may disclose PHI for the treatment activities of a healthcare provider.
The ACE may disclose PHI for the treatment activities of a healthcare provider.
Line 101: Line 101:
The ACE may disclose PHI to another covered entity or a healthcare provider for the payment activities of the entity that receives the information.
The ACE may disclose PHI to another covered entity or a healthcare provider for the payment activities of the entity that receives the information.


UNMC shall enter into a business associate agreement with outside entities performing services on its behalf that required PHI to perform the services. See [[Contracts|Contracts Policy]].
UNMC shall enter into a business associate agreement with outside entities performing services on its behalf that require PHI to perform the services.


Individuals shall sign an acknowledgement of receipt of the Notice of Privacy Practices when they first access the ACE for direct treatment, explaining how their PHI may be used and disclosed.  See [[Notice_of_Privacy_Practices|Notice of Privacy Practices Policy]].
Individuals shall sign an acknowledgement of receipt of the Notice of Privacy Practices when they first access the ACE for direct treatment, explaining how their PHI may be used and disclosed.  See [[Notice_of_Privacy_Practices|Notice of Privacy Practices Policy]].
Line 121: Line 121:
:#Disclosure required by law
:#Disclosure required by law
:#Disclosures for public health activities when the public health authority is authorized by law to receive reports; (i.e., controlling disease; vital events such as birth/death; public health surveillance; FDA device tracking; requests related to workers’ compensation)
:#Disclosures for public health activities when the public health authority is authorized by law to receive reports; (i.e., controlling disease; vital events such as birth/death; public health surveillance; FDA device tracking; requests related to workers’ compensation)
:##Disclosures to a school, limted to proof of immunization of a student or prospective student, and UNMC has obtained and documented agreement from the parent, legal guardian, or the individual if the individual is an adult or emancipated minor.
:##Disclosures to a school, limited to proof of immunization of a student or prospective student, and UNMC has obtained and documented agreement from the parent, legal guardian, or the individual if the individual is an adult or emancipated minor.
:#Reports of suspected abuse, neglect or domestic violence made by mandatory reporters to governmental agencies authorized by law to receive such reports.
:#Reports of suspected abuse, neglect or domestic violence made by mandatory reporters to governmental agencies authorized by law to receive such reports.
:#Disclosures for law enforcements purposes.  See Use/Disclosure of PHI for Law Enforcement Purposes.
:#Disclosures for law enforcements purposes.  See Use/Disclosure of PHI for Law Enforcement Purposes.
Line 147: Line 147:
Additionally the following activities are not marketing under HIPAA:
Additionally the following activities are not marketing under HIPAA:
:#Communication for treatment of the individual.
:#Communication for treatment of the individual.
:#Communications for case management or care coordinator for the individual, or to direct or recommend alternative treatments, therapies, healthcare providers, or settings of care to the individual.   
:#Communications for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, healthcare providers, or settings of care to the individual.   
:#Providing refill reminders or otherwise communication about a drug or biological that is currently being prescribed for the individual, only if any financial remuneration received by UNMC in exchange for making the communication is reasonably related to the covered entity’s cost of making the communication (such as the cost of mailing); and
:#Providing refill reminders or otherwise communicating about a drug or biological that is currently being prescribed for the individual, only if any financial remuneration received by UNMC in exchange for making the communication is reasonably related to the covered entity’s cost of making the communication (such as the cost of mailing); and
:##Communications to describe the health related product or service that is provided by or included in a plan of benefits of UNMC, including communications about (i) the entities participating in a healthcare provider network or health plan network; (ii) replacement of, or enhancements to, a health plan; and (iii) health related products or services available only to a health plan enrollee that add value to, but are not a part of, a plan of benefits
:##Communications to describe the health related product or service that is provided by or included in a plan of benefits of UNMC, including communications about (i) the entities participating in a healthcare provider network or health plan network; (ii) replacement of, or enhancements to, a health plan; and (iii) health related products or services available only to a health plan enrollee that add value to, but are not a part of, a plan of benefits


Line 155: Line 155:
===Use/Disclosure of PHI for Fundraising===
===Use/Disclosure of PHI for Fundraising===
Fundraising using PHI shall be conducted through The Nebraska Medical Center Development Office and/or the NU Foundation, depending on the organizations involved.
Fundraising using PHI shall be conducted through The Nebraska Medical Center Development Office and/or the NU Foundation, depending on the organizations involved.
:#Only the following patient information may be used or disclosed to business associates and institutionally-related foundations for fundraising. Fundraising involving PHI should be coordinated with the NU Foundation. Demographic information relating to an individual, including name, address, other contact information, age, gender and date of birth
 
Only the following patient information may be used or disclosed to business associates and institutionally-related foundations for fundraising.  
:#Demographic information relating to an individual, including name, address, other contact information, age, gender and date of birth
:#Dates of healthcare provided to an individual
:#Dates of healthcare provided to an individual
:#Department of service information
:#Department of service information
Line 201: Line 203:


===Limited Data Set===
===Limited Data Set===
A limited data set of PHI may be used and disclosed for the purposes of research, public healthcare operations that excludes the following direct identifiers of the individual or of relatives, employers or household members of the individual:
A limited data set of PHI may be used and disclosed for the purposes of research, public health or healthcare operations that excludes the following direct identifiers of the individual or of relatives, employers or household members of the individual:
:#Names
:#Names
:#Postal address information, other than town or city, state or zip code
:#Postal address information, other than town or city, state or zip code
Line 222: Line 224:


===De-Identification /Re-Identification of PHI (164.514)===
===De-Identification /Re-Identification of PHI (164.514)===
'''De-Identification of PHI.''' PHI may be used to create information that is not individually identifiable health information (de-identified).  The HIPAA privacy rules do not apply to information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.  PPHI is de-identified when 18 identifiers of the individual or of relatives, employers or household members of the individual are removed and the organization does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is the subject of the information.  The identifiers are:
'''De-Identification of PHI.''' PHI may be used to create information that is not individually identifiable health information (de-identified).  The HIPAA privacy rules do not apply to information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.  PHI is de-identified when 18 identifiers of the individual or of relatives, employers or household members of the individual are removed and the organization does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is the subject of the information.  The identifiers are:
:#Names
:#Names
:#All geographic subdivisions smaller than a state
:#All geographic subdivisions smaller than a state
Line 235: Line 237:
:#Certificate/license numbers
:#Certificate/license numbers
:#Vehicle identifiers and serial numbers
:#Vehicle identifiers and serial numbers
:#Device Identifiers and serial numbers
:#Web Universal Resource Locators (URLs)
:#Web Universal Resource Locators (URLs)
:#Internet Protocol (IP) address numbers
:#Internet Protocol (IP) address numbers
Line 241: Line 244:
:#Any other unique identifying number, characteristic/code, except as permitted under the Re-identification section below
:#Any other unique identifying number, characteristic/code, except as permitted under the Re-identification section below


'''Re-Identification of PHI.''' A code or other means of record identification may be assigned to allow information de-identified under VIIA about to be re-identified by UNMC, provided that:
'''Re-Identification of PHI.''' A code or other means of record identification may be assigned to allow information de-identified under De-Identification of PHI (above) about to be re-identified by UNMC, provided that:
:#The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
:#The code or other means of record identification is not derived from or related to information about the individual and is not otherwise capable of being translated so as to identify the individual; and
:#The code or other means of record identification is not used for other purposes and the mechanism for re-identification is not disclosed.  
:#The code or other means of record identification is not used for other purposes and the mechanism for re-identification is not disclosed.  
Spammer
25

edits

Retrieved from "https://wiki.unmc.edu/index.php/Special:MobileDiff/2064"