Definitions: Policy: Procedure:

Similar documents
Emma Eccles Jones College of Education & Human Services

USE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.

BREACH NOTIFICATION POLICY

ACCOUNTING FOR DISCLOSURES OF PROTECTED HEALTH INFORMATION

Breach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule

UNIVERSITY PHYSICIANS OF BROOKLYN MEDICAL CENTER UNIVERSITY PHYSICIANS OF BROOKLYN POLICY AND PROCEDURE

Business Associate Agreement

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

MARSHALLTOWN MEDICAL & SURGICAL CENTER Marshalltown Iowa ADMINISTRATIVE POLICY AND PROCEDURE

HIPAA Privacy: PHI Disclosure Accounting (Changes) and Access Report (New)

HIPAA PRIVACY MONITORING REQUIREMENTS

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government

UNIVERSITY POLICY. Access of Individuals to Their Protected Health Information. Adopted: 01/23/2003 Reviewed: 3/11/2016

Business Associate Agreement

Business Associate Agreement For Protected Healthcare Information

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

Business Associate Agreement

University of Wisconsin Milwaukee

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

HIPAA & HITECH Privacy & Security. Volunteer Annual Review 2017

FACT Business Associate Agreement

Interpreters Associates Inc. Division of Intérpretes Brasil

COBRA Setup Fact Sheet for Oswald agent

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1

ARTICLE 1. Terms { ;1}

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM

HIPAA PRIVACY RULE POLICIES AND PROCEDURES

POLICY REGARDING NOTICE OF PRIVACY PRACTICES

SUBJECT: Disclosure and accounting of protected health information (PHI).

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE ADDENDUM

OVERVIEW OF RECENT CHANGES IN HIPAA AND OHIO PRIVACY LAWS

HIPPA Research Policy

What do you need? Copy of HIPAA Policy on Accounting for Uses or Disclosures of Protected Health Information Department Disclosure Log(s)

HIPAA Notice of Privacy Practices

ACGME BUSINESS ASSOCIATE AGREEMENT

HIPAA s Medical Privacy Standards:

New. To comply with HIPAA notice requirements, all Providence covered entities shall follow, at a minimum, the specifications described below.

University of Wisconsin-Madison Policy and Procedure

OCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC

HIPAA Special Considerations: Individual Right to Request Restriction of Uses and Disclosures of PHI Voluntary and Mandatory

AUTHORIZATION TO RELEASE PROTECTED HEALTH INFORMATION

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

ALERT. November 20, 2009

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES

BUSINESS ASSOCIATE AGREEMENT

IACT Medical Trust. June 28, Jim Hamilton (317) HIPAA Privacy Training Bose McKinney & Evans LLP

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

Last Approval Date: April 2017

Emma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements

SUMMARY OF PRIVACY PRACTICES

Compliance Steps for the Final HIPAA Rule

LIMITED DATA SET REQUEST AND DATA USE AGREEMENT

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HIPAA Privacy Rule. Positive Changes Affecting Hospitals Implementation of the Rule Melinda Hatton -- Oct. 31, 2002

TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Texas Tech University Health Sciences Center HIPAA Privacy Policies

COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH

North Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13

Title: HP-53 Use and Disclosure of Protected Health Information for Purposes of Research. Department: Research

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)

Interim Date: July 21, 2015 Revised: July 1, 2015

Limited Data Set Data Use Agreement For Research

Children s Hospital of Philadelphia SOP 707 Page Effective Date: Title: Requirements for and

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

Texas Tech University Health Sciences Center El Paso HIPAA Privacy Policies

HIPAA ADDENDUM TO SERVICE AGREEMENT

HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES

Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in 45 CFR and

Alfred University Effective Date: January 1, 2019

HIPAA Business Associate Agreement Passport to Languages

DEPARTMENT OF VERMONT HEALTH ACCESS GENERAL PROVIDER AGREEMENT

COLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB)

STATE OF FLORIDA DEPARTMENT OF. NO TALLAHASSEE, June 2, Chapter 1

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

ELECTRONIC MEDICAL RECORD ACCESS AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

NESNIP PRIVACY WORKGROUP

Effective Date: 08/2013

HIPAA Business Associate Agreement

Florida Health Information Exchange General Participation Terms and Conditions

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

45 CFR Part 164. Interim Final Rule Breach Notification for Unsecured Protected Health Information

Sponsored by Catholic Health Ministries

GUIDE TO PATIENT PRIVACY AND SECURITY RULES

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Hybrid Entity Policy ISUPP 10010

NOTICE OF PRIVACY PRACTICES SOUTH DAYTON ACUTE CARE CONSULTANTS, INC.

Washington Producer Application

CHAPTER 33 HIPAA PRIVACY REGULATIONS

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

Transcription:

PRIVACY 23.0 ACCOUNTING OF DISCLOSURES Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect access to patient protected health information (PHI) created, held or maintained by any subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS ), including UHS covered entities ( Facilities ). Identifies and establishes procedures for providing, upon request of a patient or authorized personal representative, as applicable, an accounting of disclosures of PHI made by a Facility. Definitions: Terms not defined in this Policy or the HIPAA Terms and Definitions maintained by the UHS Compliance Office will have the meaning as defined in any related State or Federal privacy law including the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ( HIPAA ) and regulations promulgated thereunder by the U.S. Department of Health and Human Services ( HHS ) at 45 CFR Part 160 and 164, Subparts A and E ( Privacy Regulations or Privacy Rule ) and Subparts A and C ( Security Regulations or Security Rule ), the Health Information Technology for Economic and Clinical Health Act ( HITECH ) privacy and security provisions of the American Recovery and Reinvestment Act (Stimulus Act) for Long Term Care, Public Law 111-5, the American Recovery and Reinvestment Act of 2009 ( ARRA ), Title XIII and related regulations. Policy: Patients have a right to an accounting of disclosures of PHI made by a Facility in the six years prior to the date on which an accounting is requested. The Facility will provide a requested accounting of disclosures in accordance with the HIPAA Privacy Rule, using the process described in this Policy. Procedure: Upon request, a patient (or his/her authorized personal representative, as applicable) ( individual ), will be provided an accounting of disclosures of PHI made by the Facility in the six (6) years prior to the date on which an accounting is requested. An individual may request a shorter time frame than the maximum six (6) years or may restrict it to a certain time frame (such as the timeframe of a particular admission). Disclosures Not Included in the Accounting

The following are not required to be included in an accounting of disclosures: Disclosures to carry out treatment, payment and health care operations, as described in UHS Privacy 5.0 Use and Disclosure for Treatment, Payment and Health Care Operations Disclosures to individuals of PHI about them Incidental uses and disclosures that occur as a byproduct of a permissible or required use or disclosure, as long as the Facility has applied reasonable safeguards and implemented the minimum necessary standard, where applicable, for the primary use or disclosure. Disclosures made pursuant to an authorization under UHS Privacy 3.0 Use and Disclosure Requiring Authorization Disclosures in the Facility's directory (if applicable) under UHS Privacy 12.0 Patient Directory Policy or to persons involved in the individual's care or other notification purposes Disclosures for national security or intelligence purposes under UHS Privacy 9.0 Disclosures for Armed Services, National Security and Other Government Functions Disclosures to correctional institutions under UHS Privacy 17.0 Disclosures to Correctional Institutions or Law Enforcement with Lawful Custody Disclosures that are part of a limited data under UHS Privacy 7.0 Limited Data Sets and Data Use Agreements Disclosures that occurred more than six years before the individual s request Requirements of the Accounting If an accounting is required, the accounting must include disclosures of PHI that occurred during the six years prior to the date of the request, including disclosures to or by business associates of the Facility. The time frame may be shorter, depending on the request. 1. Content of the Accounting The Facility will provide a written accounting to the individual that includes the following information, for each disclosure made within the applicable timeframe: The date of the disclosure;

The name of the entity or person who received the PHI and, if known, the address of such entity or person; A brief description of the PHI disclosed; and Either a brief statement that describes the purpose and basis for the disclosure or a copy of the written request for the disclosure (applies when a request for disclosure is made by the Secretary of HHS to investigate the Facility or by another entity as described in UHS Privacy 26.0 Use and Disclosure Not Requiring Authorization or Opportunity to Agree/Object. 2. Repeated Disclosures to the same Person/Entity If a Facility has made multiple disclosures to the same person or entity for a single purpose during the requested accounting period, the Facility may provide an accounting that is limited to the following information, in order to avoid repeating the information for each disclosure: The full information required above for the initial disclosure made during the requested accounting period; The frequency, periodicity, or number of the disclosures made during the requested accounting period; and The date of the last disclosure during the requested accounting period. 3. Large Disclosure for Research If a Facility has disclosed PHI for a particular research purpose involving fifty (50) or more individuals, the accounting may be limited to the following information: The name of the protocol or other research activity; A description (in plain language) of the research protocol or other research activity, including the purpose of the research and the criteria for selecting particular records; A brief description of the type of PHI that was disclosed; The date or period of time during which the disclosures occurred, or may have occurred, including the date of the last disclosure made during the requested accounting period; The name, address, and telephone number of the entity that sponsored the research and of the researcher to whom the information was disclosed; and

A statement that the PHI of the individual may or may not have been disclosed for a particular protocol or other research activity. Upon request, the Facility will assist the requester in contacting the entity that sponsored the research and the researcher, if it is reasonably likely that the requestor s PHI was disclosed for the research. Temporary Suspension The Facility is required to temporarily suspend an individual's right to receive an accounting of disclosures that were made to a health oversight agency or law enforcement official, if the agency or official states in writing that the accounting would be reasonably likely to impede the agency's activities. The written request must specify a timeframe for the suspension. If the agency requests a suspension of accounting of disclosures orally, then the Facility must: Document the statement, including the identity of the agency or official making the statement; Temporarily suspend the individual's right to an accounting of disclosures subject to the statement; and Limit the temporary suspension to no longer than thirty (30) days from the date of the oral statement, unless a written request for a suspension is submitted by the agency during the thirty (30) days. Deadline to Provide the Accounting The deadline for providing an accounting of disclosures is sixty (60) days following receipt of the request. If the Facility is not able to provide the accounting within sixty (60) days, the deadline may be extended once by thirty (30) days if, within the original 60-day deadline, the Facility provides the individual with a written statement of the reasons for the delay and the date by which the Facility will provide the accounting. Fees for Accounting The Facility must provide the first accounting of disclosures that an individual requests in any 12-month period without charge. If the same individual requests more than one accounting within a twelve (12) month period, the facility may impose a reasonable, cost-based fee for each subsequent accounting, as long as the Facility: informs the individual in advance of the fee; and

provides the individual with an opportunity to withdraw or modify the request for a subsequent accounting in order to avoid or reduce the fee. Documentation Facilities must document the following, and retain a written or electronic copy of the documentation for six (6) years: The information required to be included in an accounting for disclosures of PHI that are subject to an accounting under this Policy; The written accounting that is provided to the individual under this section; and The titles of the persons or offices responsible for receiving and processing requests for an accounting by individuals. References: 45 C.F.R. 164.502 45 C.F.R. 164.506 45 C.F.R. 164.512 45 C.F.R. 164.528 45 C.F.R. 164.530 45 C.F.R. 164.414 Related UHS Policies: UHS Privacy 9.0 Disclosures for Armed Services, National Security and Other Government Functions UHS Privacy 17.0 Disclosures to Correctional Institutions or Law Enforcement with Lawful Custody UHS Privacy 7.0 Limited Data Sets and Data Use Agreements UHS Privacy 12.0 Patient Directory Policy UHS Privacy 14.0 Use and Disclosure for Research and Reviews Preparatory to Research UHS Privacy 5.0 Use and Disclosure for Treatment, Payment and Health Care Operations UHS Privacy 26.0 Use and Disclosure Not Requiring Authorization or Opportunity to Agree/Object UHS Privacy 3.0 Use and Disclosure Requiring Authorization

Revision Dates: 10-12-2017; 11-16-2015; 07-22-2013 Implementation Date: 07-25-2011 Reviewed and Approved by: UHS Compliance Committee

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback