HIPPA Research Policy
|
|
- Avice Waters
- 5 years ago
- Views:
Transcription
1 I. Purpose The purpose of this policy is to clearly define the circumstances under which protected health information (PHI) may and may not be used internally or disclosed externally in connection with research activities. This policy will specify how the covered entity, Ochsner, delegates its research related Health Insurance Portability and Accountability Act (HIPAA) responsibilities. II. III. Scope This policy covers all PHI that is or may be created, used, or disclosed by, through, or during research activities. This policy applies to all Ochsner employees and nonemployees (including visiting faculty, students, non-ochsner residents, industrial personnel, etc...) who conduct research, assist in the performance of research, or otherwise use or disclose PHI in connection with research activities at Ochsner. In many cases, the prior review and approval of the Institutional Review Board () will be required in the implementation of this Policy. Definitions A. Data Use Agreement- a legally binding agreement required by the Privacy Rule between a covered entity and a person or entity that receives a limited data set. The DUA serves as both a means of informing data users of these requirements and a means of obtaining their agreement to abide by these requirements. B. Designated Record Set- A group of records maintained by or for Ochsner that is the medical and billing records about individuals. It includes PHI that is maintained, collected, used, or disseminated by, or for, a covered entity for each individual. The designated record set includes: 1. The medical records and billing records about individuals maintained by or for a covered health care provider (can be in a business associate s records); 2. The enrollment, payment, claims adjudication and case or medical management records systems maintained by or for a health plan; or 3. The information used, in part or in whole, to make decisions about individuals. C. Minimum Necessary Standard: When using or disclosing PHI or when requesting PHI from another covered entity, a covered entity must make reasonable efforts to limit PHI to the least amount necessary to accomplish the intended purpose of the request. D. Protected Health Information: individually identifiable information, including demographic information, related to the past, present, or future physical or mental Page 1 of 9
2 health or condition, the provision of health care to an individual, or the past, present, or future payment for such health care, which is created or received by a covered entity. IV. Policy Statements A. Ochsner Health System (Ochsner) will comply with all applicable laws, including the (HIPAA) Privacy & Security Rule (HIPAA Privacy Rule). The purpose of the HIPAA Privacy Rule is to protect the privacy rights of individuals regarding their PHI. V. Procedures/Standards and Roles & Responsibilities A. Research Use or Disclosure of PHI With Authorization 1. As a general rule, a researcher must obtain an authorization for research (authorization) from all participants in research prior to the internal use or external disclosure of PHI for any research-related purpose that is not otherwise permitted or required under this policy. 2. The researcher may incorporate the authorization within the consent form for approval by the or use a separate authorization form, which is available on the website. 3. The individual must be provided with a copy of the signed authorization. 4. The authorization need not be study-specific, provided the authorization effectively describes the future uses and disclosures to enable the individual to understand that their PHI may be used or disclosed for future research. B. Waiver of Authorization by the 1. Research authorizations otherwise required under this policy may be waived or altered by the, provided the determines that: a. The use or disclosure of PHI involves no more than a minimal risk to the privacy of individuals, based on, at least, the presence of the following elements: i. An adequate plan to protect the identifiers from improper use and disclosure; ii. An adequate plan to destroy the identifiers at the earliest opportunity consistent with conduct of the research, unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law; and Page 2 of 9
3 iii. Adequate written assurances that the PHI will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure of PHI would be permitted by this subpart. b. The research could not practicably be conducted without the waiver or alteration; and c. The research could not practicably be conducted without access to and use of the protected health information. 2. A request for a Waiver of Authorization ( waiver) must be completed by the researcher and submitted to the for review and approval prior to initiation of the study. 3. The shall maintain the following documentation about the waiver: i) a statement identifying the and the date on which the waiver request was approved; ii) a statement that the determined that the waiver satisfied the criteria for waiver; iii) a statement that the waiver has been reviewed and approved under either normal or expedited review procedures; and iv) the documentation is signed by the chair or their designee. 4. Uses or disclosures of PHI made pursuant to an waiver are subject to the minimum necessary standard of HIPAA. C. Use and Disclosure of PHI for the Purpose of Contacting and/or Recruiting Potential Research Participants 1. Physicians, and other health care providers, may contact their own patients for purposes of recruiting them to participate in a research study without either an authorization or waiver. If approved by the, a treating physician and researcher within Ochsner may co-sign a recruitment letter to patients with no new HIPAA Privacy Rule requirements. 2. Ochsner employees may use Ochsner PHI to contact prospective research subjects, provided all the requirements of Section D below, Use and Disclosure of PHI Without Authorization Preparatory to Research, are satisfied. 3. An individual may contact a researcher about a study with no new HIPAA Privacy Rule requirements. 4. Ochsner must obtain an authorization from an individual who has indicated interest in participating in a research study prior to asking the individual any screening questions that involve PHI, unless an waiver was obtained. Page 3 of 9
4 5. All other uses and disclosures of PHI for the purpose of contacting and/or recruiting potential research participants may require either an authorization or waiver. Contact the for guidance. D. Use and Disclosure of PHI Without Authorization Preparatory to Research 1. Researchers may use or disclose PHI without an authorization or waiver for the development of a research protocol, provided that the obtains from the researcher representations that: a. Use or disclosure is sought solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research; b. No PHI is to be removed from the covered entity by the researcher in the course of the review; and c. The PHI for which use or access is sought is necessary for the research purposes. 2. Uses or Disclosures of PHI preparatory to research are subject to the minimum necessary standard of HIPAA. E. Use and Disclosure of a Decedent s PHI Without Authorization 1. Researchers may use and disclose a decedent s PHI for research without an authorization or waiver, provided that the researcher documents that all the following criteria are satisfied: i) the use of the decedent s PHI will be solely for research; ii) the researcher has documentation of the death of the decedent about whom information is being sought, and iii) the PHI sought is necessary for the purposes of the research. 2. The researcher must provide documentation that all of the above criteria are satisfied. This will be provided to the via an 3. Uses or disclosures of a decedent s PHI for research purposes are subject to the minimum necessary standard of HIPAA. F. Use or Disclosure of De-Identified Health Information 1. De-identified health information is exempt from HIPAA and may be used or disclosed for research purposes without an authorization or waiver. 2. The researcher must provide documentation to the that the health information has been de-identified by one of the following two methods: Page 4 of 9
5 a. Statistical Method. The may determine that health information is deidentified for purposes of this policy, if an independent, qualified statistician or similar expert: i. Determines that the risk of re-identification of the data, alone or in combination with other data, is very small; and ii. The researcher documents the methods and results by which the health information is de-identified, and the expert makes his/her determination of risk. The expert may not be anyone directly involved in the research study. b. Removal of All Identifiers. Identifiers concerning the individual and the individual s employer, relatives, and household members must be removed pursuant to the HIPAA Privacy Rule. c. The de-identified information may be assigned a code (re-identification code) that can be affixed to the research record that will permit the information to be re-identified if necessary, provided that (1) the code is not derived from or related to information about the individual, and (2) the key to such a code is not accessible to the researcher requesting to use or disclose the deidentified health information. G. Limited Data Set 1. An Ochsner researcher may use or disclose a limited data set for any research purpose without an authorization or Waiver if either the or HIPAA Compliance Office confirms that the researchers has met the requirements of this. a. A limited data set may be used or disclosed only if there is a Data Use Agreement between Ochsner and the recipient of the limited data set. The HIPAA Compliance Office acts on behalf of Ochsner to develop the written agreement. It establishes the permitted uses and disclosures of such information by the limited data set recipient. The data use agreement may not authorize the limited data set recipient to use or further disclose the information in a manner that would violate the requirements of this subpart, if done by the covered entity; b. Establish who is permitted to use or receive the limited data set; and c. Provide that the limited data set recipient will: i. Not use or further disclose the information other than as permitted by the data use agreement or as otherwise required by law; Page 5 of 9
6 ii. iii. iv. Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the data use agreement; Report to the covered entity any use or disclosure of the information not provided for by its data use agreement of which it becomes aware; Ensure that any agents to whom it provides the limited data set agree to the same restrictions and conditions that apply to the limited data set recipient with respect to such information; and v. Not identify the information or contact the individuals. H. Individual s Access to Research Information 1. As a general rule, individuals who participate in research have a right to access their own PHI that is maintained in a designated record set. 2. An individual's access to PHI created or obtained by a covered health care provider in the course of research that includes treatment may be temporarily suspended for as long as the research is in progress, provided that the individual has agreed to the denial of access when consenting to participate in the research that includes treatment, and the covered health care provider has informed the individual that the right of access will be reinstated upon completion of the research. I. Individual s Revocation of Research Authorization 1. An individual may revoke an authorization at any time, provided that the revocation is in writing, except to the extent that the covered entity [e.g., researcher] has taken action in reliance thereon. 2. The researcher may continue to use and disclose, for research integrity and reporting purposes, any PHI collected about the individual pursuant to a valid authorization before it was revoked, unless the authorization or consent form specifically limited this use or disclosure. 3. The principal investigator shall keep copies of all revocations of authorizations for a specific protocol, and report them to the at the time of continuing review. J. Accounting of Disclosures 1. An individual has a right to receive an accounting of disclosures of PHI made by a covered entity in the six years prior to the date on which the accounting is requested, except for disclosures where an authorization has been signed, a limited data set disclosed, or totally de-identified information was disclosed. Page 6 of 9
7 2. The HIPAA Compliance Office must keep records of all disclosures of PHI in the following circumstances: a. Disclosures pursuant to an waiver; b. Disclosures of PHI used in preparation of a research protocol; and c. Disclosure of a decedent s PHI used for research. The who acts on behalf of the covered entity to confirm requirements are met for these three types of disclosures must instruct the researcher to utilize whatever disclosure tracking system the HIPAA Compliance Office uses to account for these disclosures. 3. A simplified accounting procedure may be used if the research use or disclosure involves the PHI of more than 50 people. Under the simplified accounting procedure: a. The individual must be provided a list of research protocols in which the individual s PHI may have been used. b. The list must provide the following: i. The name of the protocol or other research activity; ii. iii. iv. A description of the purpose of the study and the type of PHI disclosed; The timeframe during which such disclosures occurred; and The name, address, and telephone number of the entity that sponsored the research and of the researcher to whom the information was disclosed. c. Upon request, Health Information Management will assist the individual in contacting those researchers to whom it is likely that the individual s PHI was actually disclosed. VI. VII. Enforcement and Exceptions A. Failure to comply with this policy may result in disciplinary action up to and including termination of employment for employees or termination of contract or service for third-party personnel, students or volunteers. Internal References OHS.CI.010 Page 7 of 9
8 OHS.CI.011 OHS.CI.021 OHS.HIM.046 VIII. External References 45 CFR CFR CFR CFR CFR CFR CFR CFR Fed. Reg IX. Policy History Former Policy # [Remainder of page intentionally left blank, approval signatures and reviewers listed on next page] Page 8 of 9
9 X. Approved Warner Thomas, President and Chief Executive Officer Michael Hulefeld, Executive Vice President and System Chief Operating Officer William W. Pinsky, M.D., Executive Vice President and Chief Academic Officer Page 9 of 9
UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1
UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1.12 DATE: 04/01/2003 REVISION: 3/1/2004; 12/28/2010; 01/02/2013 PAGE: 1 of 18 SECTION: HIPAA AREA: HIPAA PRIVACY/SECURITY POLICIES SUBJECT: HIPAA RESEARCH POLICY PURPOSE
More informationEVMS Medical Group A. RESEARCH USE AND OR DISCLOSURE WITHOUT AUTHORIZATION:
Page 1 of 8 Definitions: Research Research is defined as systematic investigation, including the research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge
More informationTitle: HP-53 Use and Disclosure of Protected Health Information for Purposes of Research. Department: Research
Title: HP-53 Use and Disclosure of Protected Health Information for Purposes of Research Department: Research I. STATEMENT OF POLICY In order for an investigator to use or disclose protected health information
More informationCOLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB)
COLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB) PROCEDURES TO COMPLY WITH PRIVACY LAWS THAT AFFECT USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION FOR RESEARCH PURPOSES Procedures
More informationUNIVERSITY OF TENNESSEE HEALTH SCIENCE CENTER INSTITUTIONAL REVIEW BOARD USE OF PROTECTED HEALTH INFORMATION WITHOUT SUBJECT AUTHORIZATION
UNIVERSITY OF TENNESSEE HEALTH SCIENCE CENTER INSTITUTIONAL REVIEW BOARD USE OF PROTECTED HEALTH INFORMATION WITHOUT SUBJECT AUTHORIZATION I. PURPOSE To provide guidance to investigators regarding the
More information7 ATLzr UNIVERSITY OF CALIFORNIA. January 30, 2014
UNIVERSITY OF CALIFORNIA BEPKELEY DAVIS IRVINE LOS ANGELES MERCED RIVERSIDE SAN DIEGO SAN FRANCISCO 4 SANTA BAREARA SANTA CRUZ CHANCELLORS MEDICAL CENTER CHIEF EXECUTIVE OFFICERS LAWRENCE BERKELEY NATIONAL
More informationHuman Research Protection Program (HRPP) HIPAA and Research at Brown
Human Research Protection Program (HRPP) and Research at Brown Version Date: 12/03/2018 I. and Research at Brown A. The Health Insurance Portability and Accountability Act of 1996 () and its regulations,
More informationHIPAA Basics For Clinical Research
HIPAA Basics For Clinical Research Presented by Marilyn Windschiegl d.b.a. PFS Clinical, all rights reserved Caution HIPAA is huge State laws may trump or stand side by side with federal law, so your state
More informationCOLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH
COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH I. Background The Health Insurance Portability and Accountability Act of 1996 (as
More informationStandards for Privacy of Individually Identifiable Health Information
Standards for Privacy of Individually Identifiable Health Information 45 CFR 160 and164 as amended: August 14, 2002 Eddie González-Vázquez, MD Research Privacy Officer Suite 622C Main Building PO Box 365067
More informationHIPAA Insurance Portability Act HIPAA. HIPAA Privacy Rule - Education Module for Institutional Review Boards
HIPAA Insurance Portability Act HIPAA HIPAA Privacy Rule - Education Module for Institutional Review Boards The HIPAA Privacy Rule protects the privacy and security of an individual s health information
More informationChildren s Hospital of Philadelphia SOP 707 Page Effective Date: Title: Requirements for and
Page: 1 of 6 I. PURPOSE II. III. IV. The purpose of this SOP is to describe the general requirements for documentation of HIPAA authorization and to enumerate the situations where an authorization or waiver
More informationThis form is to be used in conjunction with the Application for IRB Review
This form is to be used in conjunction with the Application for IRB Review Study Title: Sponsor/Funding Agency (if funded): Principal Investigator Name: A. What is the purpose of this form? The HIPAA Privacy
More informationHIPAA: What Researchers Need to Know
HIPAA: What Researchers Need to Know The Health Insurance Portability and Accountability Act (HIPAA) protects individuals medical records from unauthorized use. Medical records, however, are often integral
More informationCity and County of San Francisco Department of Public Health DPH Health Information Data Use Agreement
This form,, must be completed by researchers who propose to perform research using datasets generated from DPH sources. This Agreement is entered into by and between the City and County of San Francisco
More informationUBMD Policy for HIPAA Compliant Subject Recruitment
UBMD Policy for HIPAA Compliant Subject Recruitment Approved by Executive Committee on December 5, 2016 I. Statement of Purpose This policy is applicable in the situation where the Principle Researcher
More informationProject Number Application D-2 Page 1 of 8
Page 1 of 8 Privacy Board The Johns Hopkins Medical Institutions Health System/School of Medicine/School of Nursing/Bloomberg School of Public Health 5801 Smith Avenue, Suite 235, Baltimore, MD 21209 410-735-6800,
More informationHIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures
HIPAA Privacy Compliance Plan for Research University of South Alabama IRB Guidance and Procedures Office of Research Compliance and Assurance CSAB 140 460-6625 Adopted: 4/2/2003 2 HIPAA PRIVACY COMPLIANCE
More informationHIPAA GUIDANCE: ALTERATION OR WAIVER OF AUTHORIZATION (AWA) Revised: July 9, 2004
HIPAA GUIDANCE: ALTERATION OR WAIVER OF AUTHORIZATION (AWA) Revised: July 9, 2004 This guidance addresses: 1. Criteria a covered function should employ for evaluating an IRB issued AWA to determine its
More informationHIPAA and Research at UB
HIPAA and Research at UB Brian Murphy, MS Director, University at Buffalo HIPAA Compliance Office of the President Director, Health Professions IT Partnership Office of the VP for Health Affairs bwmurphy@buffalo.edu
More informationState Data Requests Memo Introduction Defining research
Introduction The (CMS) is committed to better care, better health, and lower costs. As trusted partners in achieving these goals, we believe states should have access to Medicare data for research that
More informationRELEASE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR RESEARCH PURPOSES
RELEASE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR RESEARCH PURPOSES PURPOSE The purpose of this policy is to establish guidelines for the release of Protected Health Information ( PHI ) for research
More informationUniversity of Mississippi Medical Center Data Use Agreement Protected Health Information
Data Use Agreement Protected Health Information This Data Use Agreement ( DUA ) is effective on the day of, 20, ( Effective Date ) by and between University of Mississippi Medical Center (UMMC) ( Data
More informationPOLICY REGARDING NOTICE OF PRIVACY PRACTICES
Purpose: Standard: Policy: To set forth the policy and procedures of West Virginia University Physicians of Charleston ( WVUPC ) regarding the preparation and dissemination of its Notice of Privacy Practices.
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into on the Effective Date of the Azalea Health Software as a Service Agreement and/or Billing Service Provider
More informationHIPAA Policy 5032 Statement of Policy on Use and Disclosure of Protected Health Information for Research Purposes
HIPAA Policy 5032 Statement of Policy on Use and Disclosure of Protected Health Information for Research Purposes Responsible Office Provost Effective Date 04/14/03 Responsible Official Privacy Officer
More informationLast Approval Date: April 2017
Page 1 of 6 I. PURPOSE The purpose of this policy is to explain how workforce members of the Stanford University HIPAA Components (SUHC) must make reasonable efforts to limit their use or disclosure of
More informationHHS Proposed Rule Modification for the HIPAA Standards for Privacy of Individually Identifiable Health Information (NPRM)
HHS Proposed Rule Modification for the HIPAA Standards for Privacy of Individually Identifiable Health Information (NPRM) PART 160--GENERAL ADMINISTRATIVE REQUIREMENTS 1. The authority citation for part
More informationUPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: HS-EC1602 * INDEX TITLE: Ethics & Compliance SUBJECT: Use & Disclosure of Protected Health Information (PHI) Including: Fundraising, Marketing and Research DATE:
More informationHIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE Policy Preamble This privacy policy ( Policy ) is designed to
More informationHEALTH INFORMATION PRIVACY POLICIES & PROCEDURES
Drs. Hammond and von Roenn HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES These Health Information Privacy Policies & Procedures implement our obligations to protect the privacy of individually identifiable
More informationHIPAA s Medical Privacy Standards:
HIPAA s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington, D.C. (202) 434-7481 mbell@mintz.com The Health
More informationDefinitions: Policy: Procedure:
PRIVACY 23.0 ACCOUNTING OF DISCLOSURES Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect access to
More informationCHAPTER 33 HIPAA PRIVACY REGULATIONS
CHAPTER 33 HIPAA PRIVACY REGULATIONS I. INTRODUCTION The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress and signed into law by President Clinton in 1996. Most people
More informationCentral Florida Regional Transportation Authority Table of Contents A. Introduction...1 B. Plan s General Policies...4
Table of Contents A. Introduction...1 1. Purpose...1 2. No Third Party Rights...1 3. Right to Amend without Notice...1 4. Definitions...1 B. Plan s General Policies...4 1. Plan s General Responsibilities...4
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between, on behalf of its (School/Department/Division) (hereinafter referred to as Covered Entity ) and, (hereinafter Business Associate
More informationTHE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES
THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES Effective: November 8, 2012 Terms used, but not otherwise defined, in this Policy and Procedure have
More informationUSE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.
PRIVACY 3.0 USE AND DISCLOSURE REQUIRING AUTHORIZATION Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect
More informationPOLICY FOR THE PROTECTION OF HUMAN SUBJECTS IN RESEARCH
PURPOSE: 1.01 The purpose of this policy is to formalize Oklahoma State University s (hereinafter referred to as OSU or the University) obligation to protect human subjects and confirm the University s
More information~Cityof. ~~Corpu~ ~.--=.;: ChnstI City Policies HR29.0 NO.
~Cityof ~~Corpu~ ~.--=.;: ChnstI City Policies SUBJECT: Health Insurance Portability & Accountability Act (HIPPA) Privacy Policies & Procedures NO. HR29.0 Effective: 04/14/2003 Revised: 01117/2005 APPROVED:
More informationTEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement (this BA Agreement ) is made and entered into by ( Provider ), a, located at, and Texas Southern University, an agency and institution of higher education established
More informationHIPAA PRIVACY RULE POLICIES AND PROCEDURES
HIPAA PRIVACY RULE POLICIES AND PROCEDURES Purpose: The purpose of this document is to educate, and identify the need to formally create and implement policies and procedures for Hudson Community School
More informationSTATE OF FLORIDA DEPARTMENT OF. NO TALLAHASSEE, June 2, Chapter 1
CFOP 60-17 STATE OF FLORIDA DEPARTMENT OF CF OPERATING PROCEDURE CHILDREN AND FAMILIES NO. 60-17 TALLAHASSEE, June 2, 2008 Chapter 1 NOTICE OF PRIVACY POLICY AND MANAGEMENT AND PROTECTION OF PERSONAL HEALTH
More informationSUBJECT: Disclosure and accounting of protected health information (PHI).
QUALITY IMPROVEMENT IMPLEMENTATION GUIDE EXERCISE 44, 9/2009 SUBJECT: Disclosure and accounting of protected health information (PHI). REFERENCES: DoD 6025.18-R, DoD Health Information Privacy Regulation
More informationPrivacy Regulations HIPAA-Administrative Simplification Internal Assessment
Privacy Regulations HIPAA-Administrative Simplification Internal Regulation/Standard Use and Disclosure 164.502 Uses and disclosures of protected health information: general rules. (a) Standard. A covered
More informationHEALTH REIMBURSEMENT ARRANGEMENT PLAN DOCUMENT. City of Colorado Springs
HEALTH REIMBURSEMENT ARRANGEMENT PLAN DOCUMENT City of Colorado Springs Established January 1, 2011 Restated January 1, 2013 i TABLE OF CONTENTS ARTICLE I ADOPTION AGREEMENT... 1 1.1 Name of Plan:... 1
More informationCity and County of San Francisco Section 125 Cafeteria Plan. Plan Year January December
City and County of San Francisco Section 125 Cafeteria Plan Plan Year January December 20132014 TABLE OF CONTENTS Page INTRODUCTION... 1 ARTICLE I DEFINITIONS... 3 Annual Open Enrollment Election Period...
More informationRECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:
This Business Associate Agreement ( BAA ) is entered into by and between NORCAL Mutual Insurance Company ( NORCAL ) and Insured/Applicant ( Covered Entity ) and is effective as of September 23 rd, 2013
More informationSUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE
SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE Subject: USE OF LIMITED DATA SETS Page 1 of 3 No. HIPAA-27 Original Issue Date: 12/2003 Prepared by: Shoshana Milstein
More informationE-Protocol Document Checklist and GPS IRB Guide - Students
and GPS IRB Guide - Students Please use this checklist as a guide for the submission of your Exempt, Expedited, or Full Review IRB Applications through the e-protocol system. The following documents are
More informationNorth Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: HIPAA Marketing and Sale of Protected Health Information Policy ADMINISTRATIVE POLICY AND PROCEDURE MANUAL POLICY #: 800.43 System Approval
More informationNESNIP PRIVACY WORKGROUP
NESNIP PRIVACY WORKGROUP HIPAA s Minimum Necessary Standard August 10, 2001 Presented by: GENERAL RULE Implement reasonable procedures to ensure that only the minimum necessary of protected health information
More informationHIPAA Policy Minimum Necessary Use December 1, 2015
HIPAA Policy Minimum Necessary Use December 1, 2015 SCOPE This policy applies to Florida Atlantic University s Covered Components and those working on behalf of the Covered Components for purposes of complying
More informationTo inform the UAMS workforce about the requirements for a patient s request to amend medical records or Protected Health Information (PHI).
UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1.17 DATE: 4/1/2003 REVISION: 10/1/2007; 8/4/2010; 08/01/2012; 04/16/2014 PAGE: 1 of 6 SECTION: HIPAA AREA: HIPAA PRIVACY/SECURITY POLICIES SUBJECT: PATIENT S REQUEST
More information39. PROTECTED HEALTH INFORMATION POLICY
39. PROTECTED HEALTH INFORMATION POLICY POLICY Scott County employs a "minimum necessary" standard that prohibits the use or disclosure of more than the minimum amount of protected health information (PHI)
More informationMERANI CONSTRUCTION LLC CAFETERIA PLAN BASIC PLAN DOCUMENT #125
MERANI CONSTRUCTION LLC CAFETERIA PLAN BASIC PLAN DOCUMENT #125 MERANI CONSTRUCTION LLC CAFETERIA PLAN BASIC PLAN DOCUMENT TABLE OF CONTENTS ARTICLE 1 INTRODUCTION Section 1.01 Plan... 1 Section 1.02 Application
More informationTexas Tech University Health Sciences Center HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx
More informationHealth Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates
Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates I. OVERVIEW/DEFINITIONS The Health Insurance Portability and Accountability Act (HIPAA) is a federal
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS
COVERYS RRG, INC. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS WHEREAS, the Administrative Simplification section of the Health Insurance Portability and
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 9 I. Policy The HIPAA Privacy Rule requires that, in most situations, patients provide written authorization prior to uses or disclosures of their protected health information. This policy is
More informationUSE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR MARKETING PURPOSES
USE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR MARKETING PURPOSES PURPOSE The purpose of this policy is to establish guidelines for the release of Protected Health Information( PHI ) for marketing purposes
More informationLimited Data Set Data Use Agreement For Research
Limited Data Set Data Use Agreement For Research This Data Use Agreement is dated,, and is between the ( Recipient ) and University of Miami, ( Covered Entity ). This Data Use Agreement is made in accordance
More informationOMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS
OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT Effective Date: September 23, 2013 RECITALS WHEREAS a relationship exists between the Covered Entity and the Business Associate that performs certain functions
More informationMemorandum of Understanding Institutional Review Board (IRB) Agreement Between University of Southern California and Children s Hospital Los Angeles
Memorandum of Understanding Institutional Review Board (IRB) Agreement Between University of Southern California and Children s Hospital Los Angeles Effective January 30, 2014 1) Agreement Children s Hospital
More informationNotice of Privacy Practices
Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. PURPOSE STATEMENT
More informationSUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT
SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (Revised on March 1, 2016) THIS HIPAA SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into on (the Effective Date ), by and between ( EMR ),
More informationSUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM
SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM This Subcontractor Business Associate Addendum (the Addendum ) is entered into this day of, 20, by and between the University of Maine System, acting through the
More informationEmma Eccles Jones College of Education & Human Services
POLICY INFORMATION Document # 106 Revision # 1.0 Safeguard: HIPAA Privacy Title: Patient Right to Request an Accounting of s of PHI Prepared by: J. Black Approved by: Dean Beth E. Foley Print Date: 9/20/2016
More informationACGME BUSINESS ASSOCIATE AGREEMENT
ACGME Business Associate Agreement Template Clinical Site 8/1/2014 Institution Number (Insert name of sponsoring institution, co-sponsor, participating institution or clinical site and institution number
More informationHIPAA FUNDAMENTALS For Substance abuse Treatment Industry
HIPAA FUNDAMENTALS For Substance abuse Treatment Industry (c)firststepcounselingonline2014 1 At the conclusion of the course/unit/study the student will... ANALYZE THE EFFECTS OF TRANSFERING INFORMATION
More informationKay Concrete Materials, Inc.
Kay Concrete Materials, Inc. Protecting Your Health Information Privacy Rights April 18 th, 2016 Kay Concrete Materials, Inc. is committed to the privacy of your health information. The Company uses strict
More informationBUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( this Agreement ) is made and entered into as of this day of 2015, by and between TIDEWELL HOSPICE, INC., a Florida not-for-profit corporation,
More informationARTICLE 1. Terms { ;1}
The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing
More informationSecurity and Privacy Policies
Security and Privacy Policies HEALTHeLINK 2008-2017 Table of Contents Security and Privacy Policies Privacy Policies Policy Name Policy # Page Amendment of Data P02 4 Authorized User Access P03 6 Patient
More informationTerms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and
This Business Associate Addendum, effective April 1, 2003, is entered into by and between Guilford County and/or Guilford County Department of Social Services and/or Guilford County Department of Public
More informationTexas Tech University Health Sciences Center El Paso HIPAA Privacy Policies
Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement
More informationELECTRONIC MEDICAL RECORD ACCESS AGREEMENT
ELECTRONIC MEDICAL RECORD ACCESS AGREEMENT This Agreement is made this day of, 2018 ( Effective Date ), by and between Saint Elizabeth Medical Center, Inc. dba St. Elizabeth Healthcare, a Kentucky non-profit
More informationAUTHORIZATION TO RELEASE PROTECTED HEALTH INFORMATION
AUTHORIZATION TO RELEASE PROTECTED HEALTH INFORMATION Policy: Rationale: The University of Connecticut will disclose protected health information (PHI) in accordance with the consent, authorization, or
More informationUniversity of Wisconsin-Madison Policy and Procedure
Effective Date: March 12, 2003 Page 1 of 6 I. Policy The HIPAA Privacy Rule and HITECH regulations permits a covered entity to disclose protected health information to a business associate, and may allow
More informationNATIONAL RURAL ELECTRIC COOPERATIVE ASSOCIATION GROUP BENEFITS PROGRAM
NATIONAL RURAL ELECTRIC COOPERATIVE ASSOCIATION GROUP BENEFITS PROGRAM Medical Plan Dental Plan Vision Plan Long Term Disability Plan Short Term Disability Plan Group Term Life and AD&D Insurance Plan
More informationGive you this notice of our legal duties and privacy practices related to the use and disclosure of your protected health information
Notice Of Privacy Practices - Effective Date: October 17, 2017 You may exercise the following rights by submitting a written request to the Student Health Center Privacy Contact (Director of Health Services).
More informationEffective Date: 08/2013
POLICY/GUIDELINE TITLE: HIPAA Marketing and Sale of Protected Health Information Policy POLICY #: 800.43 System Approval Date: 5/18/18 Site Implementation Date: 6/17/18 Prepared by: ADMINISTRATIVE POLICY
More informationUNIVERSITY POLICY. Access of Individuals to Their Protected Health Information. Adopted: 01/23/2003 Reviewed: 3/11/2016
UNIVERSITY POLICY Policy Name: Access of Individuals to Their Protected Health Information Section #: 100.1.4 Section Title: HIPAA Policies Approval Authority: Responsible Executive: Responsible Office:
More informationNETWORK PARTICIPATION AGREEMENT
NETWORK PARTICIPATION AGREEMENT THIS NETWORK PARTICIPATION AGREEMENT ( Agreement ) is entered into on the date(s) indicated below, by and between the undersigned physician (hereinafter Physician ; and
More informationPursuing Research with an External Collaborator. June 6, 2018
Pursuing Research with an External Collaborator June 6, 2018 Course Objectives How to foster/ initiate collaborations with an external partner The necessary contracts to initiate working with an external
More informationALAMEDA COUNTY CAFETERIA PLAN FOR ELIGIBLE EMPLOYEES. Amended and Restated Plan Document. January 1, 2014
ALAMEDA COUNTY CAFETERIA PLAN FOR ELIGIBLE EMPLOYEES Amended and Restated Plan Document January 1, 2014 TABLE OF CONTENTS Page INTRODUCTION...1 ARTICLE I DEFINITIONS... 2 1.1 Applicable Law... 2 1.2 Benefit
More informationUNIVERSITY PHYSICIANS OF BROOKLYN MEDICAL CENTER UNIVERSITY PHYSICIANS OF BROOKLYN POLICY AND PROCEDURE
UNIVERSITY PHYSICIANS OF BROOKLYN MEDICAL CENTER UNIVERSITY PHYSICIANS OF BROOKLYN POLICY AND PROCEDURE Subject: ACCOUNTING OF DISCLOSURES Page 1 of 5 No. HIPAA-1 Prepared by: Shoshana Milstein RHIA, CHP,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into this 22 nd day of September, 2014 ( Effective Date ), by and between Customer_Name with a place of business
More informationCentral Susquehanna Region School Employees Health and Welfare Trust
Central Susquehanna Region School Employees Health and Welfare Trust NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationHand & Microsurgery Medical Group, Inc. HIPAA NOTICE AND ACKNOWLEDGEMENT
Hand & Microsurgery Medical Group, Inc. HIPAA NOTICE AND ACKNOWLEDGEMENT Acknowledgement: I acknowledge that I have received the attached Notice of Privacy Practice. Patient or Personal Representative
More informationDuPont Company HIPAA Privacy Policies and Procedures
DuPont Company HIPAA Privacy Policies and Procedures Originally Effective April 10, 2003 (Amended as of June 1, 2017) These Policies and Procedures have been created in order for the DuPont Health Plans*
More informationRobert E. Parker, Ph.D., P.C st Ave S. #101 Normandy Park, WA (206)
Robert E. Parker, Ph.D., P.C. 19987 1 st Ave S. #101 Normandy Park, WA 98148 (206) 824-7275 HIPAA - WASHINGTON NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy of Your
More informationPRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
1NovaMed Surgery Center of Maryville, LLC PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
More informationPsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN Telephone: (952) Facsimile: (952)
PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 1/28/2016 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to
More informationNEW YORK STATE EMPLOYEE CAFETERIA PLAN
NEW YORK STATE EMPLOYEE CAFETERIA PLAN Amended and Restated as of January 1, 2012 New York State Employee Cafeteria Plan Table of Contents Introduction... 1 Article I Definitions... 2 Article II Participation...
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into this day of, 20, by and between the University of Maine System ( University ), and ( Business Associate ).
More informationFACT Business Associate Agreement
Policy Document #: 2.1.003 Revision: 3 Valid Date: 27June2012 Page 1 of 2 Effective Date: 27Jun2012 FACT Business Associate Agreement 1.0 Purpose The purpose of this document is to establish terms for
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is entered into this day of, 20, by and between the University of Maine System acting through the University of ( University
More informationDefinitions. Except as otherwise provided, the following definitions apply to this subchapter:
HIPPA REGULATIONS (SELECTED SECTIONS FROM 45 C.F.R. PARTS 160 & 164) 160.101 Statutory basis and purpose. The requirements of this subchapter implement sections 1171 through 1179 of the Social Security
More informationUniversity of Wisconsin Milwaukee
University of Wisconsin Milwaukee Policies and Procedures for the Protection of Patient Health Information Under the Health Insurance Portability and Accountability Act ( HIPAA ) Published April 14, 2003
More information