Winthrop-University Hospital
|
|
- Ezra Stokes
- 4 years ago
- Views:
Transcription
1 Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR (i), (a-c) and in connection with the implementation of the HIPAA Compliance Plan, Winthrop-University Hospital has developed and will implement this Policy for the application of HIPAA to all research activities. Winthrop- University Hospital currently relies upon two institutional review boards ( IRB(s) ), the Winthrop-University Hospital Institutional Review Board ( WUH IRB ) and the Western Institutional Review Board ( Western IRB ), to ensure that all human research projects conducted at Winthrop University Hospital are performed in compliance with the federal regulations (e.g., the Common Rule) and will continue to rely upon these two institutional review boards to ensure compliance with HIPAA as well. 1 This Policy is designed to ensure that any such research conducted at Winthrop-University Hospital under the authority of either the WUH IRB or the Western IRB will be conducted in full compliance with HIPAA. A General Application of HIPAA to Research. 2 HIPAA applies to all research studies which involve the use or disclosure of individually identifiable protected health information ( PHI ). HIPAA applies regardless of the source of funding for the research. Research studies affected by HIPAA include: (i) record research (i.e., research using previously existing PHI, such as research involving a review of previously created medical records or previously collected tissue specimens); (ii) research not involving research related treatment; and (iii) research involving treatment 3 of research participants such as clinical trials. 1 Note: The Western IRB reviews all human research studies which are sponsored by pharmaceutical companies and involve out patients of Winthrop-University Hospital. WUH IRB reviews all other human research studies. 2 Note: Research is defined, under HIPAA, as systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. 3 Note: Treatment is defined, under HIPAA, as the provision, coordination, or management of health care and related services by one or more health care providers, including (i) coordination or management of health care by a health care provider with a third party, (ii) consultation between health care providers relating to a patient, and (iii) the referral of a patient for health care from one health care provider to another.
2 When an investigator conducts a research study that is subject to both HIPAA and the Common Rule, the investigator must comply with the regulations under both laws. Additionally, where applicable, a research study must also comply with the Federal Drug Administration s human subjects regulations. Winthrop-University Hospital requires that any investigator conducting a research study involving the use or disclosure of PHI must ensure the receipt of a HIPAA authorization, approved by either the WUH IRB or the Western IRB, from each research participant prior to using or disclosing PHI for research purposes unless with prior review and approval by either the WUH IRB or the Western IRB one of the following five exceptions under which research can be conducted using PHI without first obtaining an authorization exists: a. the investigator is only conducting a review preparatory to future research; b. the research study uses only PHI of deceased individuals; c. the investigator uses only a limited data set in conducting the research study and obtains a data use agreement from all recipients of the limited data set; d. the investigator uses only de-identified PHI in conducting the research study; or e. the investigator obtains a waiver of the authorization requirement from the WUH IRB prior to commencing the research study. Note: If the research involves treatment of the patient, the patient will also need to receive a privacy notice and sign an acknowledgment, where applicable, as discussed in Section G below. Winthrop-University Hospital requires that, whenever PHI is being used or disclosed for research purposes pursuant to an exception from the authorization requirement by either the WUH IRB or the Western IRB, the investigator shall comply with Winthrop-University Hospital s minimum necessary policies, procedures and requirements. In order to comply with the minimum necessary requirements, the investigator shall make reasonable efforts to limit the uses and disclosures of, and requests for, PHI to the minimum necessary to accomplish the purpose(s) of the research study. (See Minimum Necessary Policy) B Research Authorization. In those instances where an investigator s research study does not fit into one of the exceptions to obtaining an authorization (as discussed in Section C through G below) and the investigator intends to use or disclose PHI during the conduct of his/her research study, the investigator should ensure that a valid, executed authorization is obtained from each research participant or his/her legally authorized representative. All research authorizations shall be reviewed and approved by either the WUH IRB or the Western IRB during the appropriate IRB s initial review of the investigator s research request (as discussed in Section H below) unless the investigator complies with one of the above-mentioned exceptions.
3 1 Requirements for All Authorizations. All research authorizations shall be written in plain language and contain at least the following: a. A meaningful and specific description of the individually identifiable health information to be used in the research study; b. A list of all persons (or classes of persons) who may use or disclose the individually identifiable health information; c. A list of the persons (or classes of persons) to whom the individually identifiable health information may be disclosed; d. The expiration date or event of the authorization. For research purposes this statement can be end of the research or none (especially with respect to research data bases, repositories); e. A statement that the research participant has a right to revoke the authorization at any time and a description of how to revoke the authorization; f. A statement noting that used or disclosed individually identifiable health information may be subject to re-disclosure and no longer protected by the law; g. The signature and date of the research participant or his/her authorized representative. If signed by an authorized representative, a statement of such representative s authority to act for the research participant; h. A statement of each purpose of the use or disclosure of the individually identifiable health information; and i. For research not involving research-related treatment: A statement that the research subject has right to refuse to sign the authorization without being denied treatment and that participation is conditioned on the research participant executing the authorization. The authorization should be witnessed by any competent adult, included in the research participant s medical record and each research participant should be provided with an executed copy. For a discussion of authorizations where Winthrop-University Hospital seeks an individual s written legal permission to obtain PHI about the individual from another covered entity that maintains the PHI to make a disclosure of the PHI, see Winthrop-University Hospital Policy on Authorizations for Uses and Disclosures of Patient Information. 2 For Studies which Include Treatment. Where the research study is, however, being conducted in connection with research-related treatment of the research participant, the research
4 authorization may contain a statement that provision of the research-related treatment is conditioned on the research participant executing the authorization. Where a research study that includes treatment is being conducted as part of a clinical trial, the research participant can be denied the right to access the individually identifiable health information obtained in the course of that clinical trial (the Research Information ). In order to deny the research participant access to Research Information: a. The research authorization must contain a statement informing the research participant that he/she will be denied access to the Research Information during the course of the clinical trial. b. The research participant must agree to the denial of access to Research Information when he/she consents to participation in the clinical trial. c. The clinical trial must be ongoing when the request for access is made. The research participant must also be advised of his/her right to be provided access to the Research Information once the clinical trial is completed. The investigation must, however, maintain a high level of ethical consideration for the welfare of the research participants and provide access in the appropriate circumstances. While conducting a clinical trial, the investigator shall comply with the limited scope of permissible uses and disclosures for the Research Information. Additionally, the investigator shall be allowed certain disclosures of PHI relevant to a clinical trial, including disclosures to public health agencies, health oversight agencies and persons required or directed to report information to the Federal Drug Administration and the Office of Human Research Protection. Any such parties should be identified in the HIPAA authorization. Unless an investigator is conducting a review preparatory to a research study (discussed below), he/she must obtain an authorization prior to reviewing previously collected PHI in connection with treatment, to determine an individual s eligibility for participation in research. Since, however, Winthrop-University Hospital can disclose PHI to the individual who is the subject of the PHI, a Winthrop-University Hospital physician may discuss the option of enrolling in a research study without first obtaining a research authorization or waiver of the authorization requirement by either the WUH IRB or Western IRB. Once the PHI needs to be disclosed to a third-party investigator for the purposes of recruitment into the research study, Winthrop- University Hospital must obtain an authorization or waiver of authorization (as discussed in Section G below). Compound Authorizations. Generally, both the WUH IRB and Western IRB will require an authorization for the use or disclosure of PHI in a research study (e.g., research authorization) be combined with an informed consent document for the same research to create a compound authorization.
5 At times and only when approved by the WUH IRB or Western IRB, as appropriate, a research authorization may be separate from the Informed Consent document or an authorization combined with an authorization for a different purpose, except for an authorization for the disclosure of psychotherapy notes; provided, however, that with such a compound authorization, the provision of treatment of the research participant cannot be conditioned on the signing of authorization. For further discussion of compound authorizations, see Winthrop-University Hospital Policy on Authorizations for Uses and Disclosures of Patient Information. For Winthrop-University Hospital purposes, a research authorization should only be separate from an Informed Consent document in special circumstances as specifically approved by the WUH IRB or Western IRB, as appropriate, in connection with their review of the proposed research study, as discussed in Section I below. C Review Preparatory to Future Research. An investigator can conduct a review of PHI in preparation for future research without first obtaining a research authorization. Before conducting any such preparatory review, however, the investigator shall obtain approval from the WUH IRB, as described in this Section C. All such preparatory review requests shall be made in writing to the WUH IRB. Before approving any preparatory review request, the WUH IRB shall obtain from the investigator written and signed documentation of the following representations: 1 The use and disclosure of the individually identifiable health information is necessary to the future research. 2 The individually identifiable health information will be reviewed solely for the narrow purpose of preparing for the future research. 3 No individually identifiable health information will be removed from its source by the investigator in the course of the preparatory review (although information can be recorded in de-identified form). The purpose of each preparatory review shall be either to aid in the development of a research hypothesis and/or to aid the recruitment of research participants. All approvals of preparatory research shall be documented and if the preparatory review results in a disclosure of an individual s individually identifiable health information, it shall be tracked and documented as a disclosure. The WUH IRB shall rely on representations of the investigator that the review is being conduct solely in preparation for a research study. D Research Involving a Deceased Individual. An investigator can use and disclose PHI of a deceased person for research purposes without first obtaining a research authorization. Before conducting any such research study, however, the investigator must obtain approval from the WUH IRB. All such research requests shall be made in writing to the WUH IRB. Before approving any such research request, the WUH IRB shall obtain in writing from and signed by the investigator the following representations: 1 The use and disclosure of the individually identifiable health information contained in the medical records is necessary for research purposes.
6 2 The use or disclosure is sought solely for research of individually identifiable health information of deceased persons. Before approving any such research request, the WUH IRB may request documentation of the death of each research subject from the investigator. All approvals of research studies involving deceased persons shall be documented and each disclosure of an individual s PHI shall be tracked and documented. The WUH IRB may rely on representations of the investigator that the research solely involves deceased person(s). E Limited Data Sets. Where, in conducting a research study, an investigator uses health information to create a limited data set, the investigator will not be required to obtain a research authorization provided the investigator obtains a data use agreement from any intended recipient of the limited data set. Before utilizing a limited data set in connection with a research study, the investigator should consult Winthrop-University Hospital Policy on Deidentifying and Re-identifying Patient Health Information and Creation of a Limited Data Sets regarding the method and means he/she intends to employ in creating the limited data set. The investigator must also utilize only a Winthrop-University Hospital approved form of data use agreement in connection with the disclosure of the limited data set and must obtain approval of the WUH IRB prior to using the limited data set. 1 A limited data set is a set of protected health information from which all of the following direct identifiers of the individual and relatives, employers, or household members of the individual have been removed: a. Names; b. Postal address information, other than town or city, State, and zip code; c. Telephone numbers; d. Fax number; e. Electronic mail addresses; f. Social security numbers; g. Medical records numbers; h. Health plan beneficiary numbers; i. Account numbers; j. Certificate or license numbers; k. Vehicle identifiers or serial numbers, including license plate numbers; l. Device identifier or serial number;
7 m. Web universal resource locators (URL s); n. Internet protocol (IP) address numbers; o. Biometric identifiers, including finger and voice prints; and p. Full face photographic images. 2 The data use agreement will list the purposes for which the recipient of the limited data set can use the patient information and provide the WUH IRB and Winthrop-University Hospital with satisfactory assurance that the recipient of the limited data set will only use or disclose the patient information for the purposes listed. Each data use agreement must contain the following: a. A statement indicating whether the limited data set was created for research, public health or health care operations; b. A statement of the purposes for which the recipient can use or disclose the patient information being provided in the limited data set. These purposes must be consistent with the reason the data use set was originally created in (1); c. A list of the names of all individuals or entities being provided permission to receive the limited data set under the data use agreement; d. A statement that the recipient agrees not to use or further disclose the patient information in the limited data set other than as agreed to in the data use agreement or as requirement by the law; e. A statement that the recipient agrees to use appropriate safeguards to prevent the use or disclosure of the patient information in the limited data set in any manner other than as agreed to in the data use agreement; f. A statement that the recipient agrees to report to the WUH IRB if it becomes aware of any use or disclosure of the patient information in the limited data set outside of the agreed upon uses in the limited data set; g. A statement that the recipient agrees to ensure any agents, including any subcontractors, who it provides the limited data set to will follow the same restrictions and conditions with respect to the use, disclosure and protection of the data use set; h. A statement that the recipient agrees to not identify the information in the limited data set or attempt to contact the individuals; and i. A statement that Winthrop-University Hospital can terminate the data use agreement and use of the limited data set by the recipient if it becomes aware of any pattern of behavior or activity or practice of the recipient which materially breaches or violates the data use agreement. The statement should further indicate Winthrop-University
8 Hospital will report any such breach or violation to the Secretary of the Department of Health and Human Services. Winthrop-University Hospital requires that the investigator continue to comply with the Hospital's minimum necessary policies, procedures and requirements in using and disclosing the patient information included in the limited data set. F De-identified Information. Where, in conducting a research study, an investigator uses health information that has been rendered not individually identifiable or de-identified, the investigator will not be required to obtain a research authorization. The goal of de-identification of health information is to reduce the possibility that the de-identified information can be cross-referenced with other identifiable information in order to link a de-identified health record with an individual. 1 Health information may be determined to not be individually identifiable or deidentified health information if the investigator removes the identifiers of the individual or the relatives, employers, or household members of the individual that are specified below from the health information. 2 In order to de-identify health information, all of the following specified information must be removed from the research records: a. Names; b. All geographic subdivisions small than a state, except for 3-digit zip codes (e.g., address); c. All elements of dates except the year (e.g. birth date, admission date, discharge date, date of death and all ages over 89); d. Telephone numbers; e. Fax numbers; f. Electronic mail addresses; g. Social security numbers; h. Medical records numbers; i. Health plan beneficiary numbers; j. Account numbers; k. Certificate or license numbers; l. Vehicle identifiers or serial numbers, including license plate numbers;
9 m. Device identifier or serial number; n. Web universal resource locators (URL s); o. Internet protocol (IP) address numbers; p. Biometric identifiers, including finger and voice prints; q. Full face photographic images; and r. Other unique identifying number, characteristics, or code (e.g. tissue or DNA samples), excluding a re-identification code created as provided below. Other identifying information which the investigator should also consider removing includes family information, employment information, race, religion and ethnic information, and medical diagnosis that directly or indirectly identifies an individual. Before deciding to deidentify health information in connection with a research study, the investigator should consult Winthrop-University Hospital Policy on De-identifying and Re-identifying Patient s Health Information and Creation of Limited Data Sets regarding the method and means he/she intends to employ in performing the de-identification and obtain the approval of the WUH IRB. Additionally, the investigator may create a code that allows him/her to re-identify health information, provided that: The code is not derived from or related to information about the individual; The code is not capable of being translated so as to identify the individual; and The code or mechanism for re-identification is not used for any other purpose than reidentification of the health information. Before deciding to re-identify health information in connection with a research study, the investigator should consult Winthrop-University Hospital Policy on De-identifying and Re-identifying Patient s Health Information and Creation of Limited Data Sets regarding the method and means he/she intends to employ in performing the reidentification and obtain the approval of the WUH IRB. Any re-identification code should comply with Winthrop-University Hospital Policy on De-identifying and Reidentifying Patient s Health Information and Creation of Limited Data Sets and should be approved by the WUH IRB. G Alteration or Waiver of Authorization. An investigator may obtain an alteration or waiver of the authorization requirement for the use and disclosure of individually identifiable health information. The investigator must obtain either the WUH IRB or the Western IRB approval of any such alteration or waiver request. All such alteration or waiver requests shall be made in writing to the WUH IRB or the Western IRB. In connection with a request for approval of an alteration or a waiver of the authorization requirement for proposed research, the WUH IRB or
10 the Western IRB shall consider whether the proposed research study satisfies the following criteria: 1 The use or disclosure of individually identifiable health information will involve no more than a minimal risk to the privacy of the research participants based on the presence of the following elements: a. An adequate plan exists to protect the identifiers from improper use and disclosure; b. An adequate plan exists to destroy the identifiers at the earliest opportunity consistent with conduct of the research unless there is a health or research justification that makes retention necessary or such retention is otherwise required by law; and c. There are adequate written assurances that the individually identifiable health information will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the proposed research, or for other research for which use or disclosure of individually identifiable health information is permitted by HIPAA. 2 The proposed research study could not practicably be conducted without waiver or alteration of authorization. 3 The proposed research study could not practicably be conducted without access to and use of the individually identifiable health information. 4 Upon any approval of an alteration or waiver request, the WUH IRB shall prepare a written approval statement which: a. Identifies the WUH IRB or the Western IRB, as appropriate; b. Indicates the date on which the alteration or waiver of authorization was approved; c. States that the WUH IRB or the Western IRB, as appropriate has determined the alteration or waiver of authorization for the proposed research study satisfies all the criteria listed above; d. provides a brief description of the individually identifiable health information for which use or access has been determined by the WUH IRB or the Western IRB, as appropriate, to be necessary; and e. specifies whether action was taken by the WUH IRB or Western IRB under normal or expedited review procedures. This written approval statement will be signed by Chairman of the WUH IRB or Western IRB or his/her designee. The WUH IRB and Western IRB regularly approve conducting research through the waiver of the authorization requirement. As a result, Winthrop University Hospital routinely
11 uses and discloses individually identifiable health information for research purposes without obtaining an authorization and Winthrop-University Hospital is required to include a statement in its general HIPAA Notice advising patients of this practice. H HIPAA Notice. HIPAA requires that each patient receive a written notice that describes Winthrop University Hospital s privacy practices, the patient s individual rights under HIPAA, and the types of uses of PHI that may be made. Where a patient participating in a research study is receiving treatment, investigators shall use the appropriate Winthrop-University Hospitaldesignated HIPAA Privacy Notice form for healthcare services provided by Winthrop University Hospital personnel and/or, as applicable, the privacy notice developed for any facility or organized healthcare arrangement involved in the treatment of the patient (e.g., a hospital, clinic or physician office). Each investigator shall also make a good faith attempt to obtain an acknowledgment of the privacy notice from the research participant prior to commencing treatment. If this acknowledgment does not cover the investigator or the investigator is providing healthcare services outside of Winthrop University Hospital, the investigator should obtain a separate acknowledgment as well. In either case, where the investigator cannot obtain an acknowledgment executed by the participant in the clinical trial, such failure shall be documented by the investigator in the appropriate medical record, along with the reason for the failure (e.g., the research participant refused to execute the acknowledgment). I WUH IRB Review. As a Privacy Board for Winthrop University Hospital under HIPAA, the WUH IRB meets the composition requirements under the Common Rule. The WUH IRB will also follow the voting requirements of the Common Rule or the expedited review procedures of the Common Rule. Under Winthrop University Hospital policy, all investigators interested in conducting human research studies, except those human research studies sponsored by pharmaceutical companies and involving outpatients of Winthrop University Hospital, are required to submit their research requests to the WUH IRB for review and approval. In connection with HIPAA, the WUH IRB shall include in its review of each research request or proposed research study, which already includes a review of the protocol and informed consent form to be used in connection with the proposed research study, a review of each of the following, where applicable, (i) the research authorization, (ii) the HIPAA notice and acknowledgment, (iii) requests for the alteration or waiver of authorization, (iv) requests to conduct preparatory research reviews; (v) methods of creating a limited data set or de-identifying information; (vi) a data use agreement; and (vii) requests to conduct research involving a deceased individual s health information. In any event however, all, requests to (i) conduct preparatory research reviews; (ii) review methods of creating a limited data set or de-identifying information; (iii) review a data use agreement; and (iv) conduct research involving a deceased individual s health information shall be reviewed by the WUH IRB and not the Western IRB. Whenever possible, the WUH IRB shall ensure that an investigator use the standard WUH IRB Consent form language which includes the information required by HIPAA and the HIPAA compliant notice and acknowledgment approved by Winthrop University Hospital. For HIPAA purposes, Winthrop University Hospital shall rely on the WUH IRB s representation that a research protocol meets HIPAA documentation and minimum necessary requirements (where applicable).
12 J Western IRB Review. As a Privacy Board for Winthrop University Hospital under HIPAA, the Western IRB meets the composition requirements under the Common Rule. The Western IRB will also follow the voting requirements of the Common Rule or the expedited review procedures of the Common Rule. Under Winthrop University Hospital policy, all investigators interested in conducting human research studies, which involve outpatients of Winthrop University Hospital and are sponsored by pharmaceutical companies, are required to submit their research requests to the Western IRB for review and approval. In connection with HIPAA, the Western IRB shall include in its review of each research request or proposed research study, which already includes a review of the protocol and informed consent form to be used in connection with the proposed research study, a review of each of the following, where applicable, (i) the research authorization, (ii) the HIPAA notice and acknowledgment, and (iii) requests for the alteration or waiver of authorization. Whenever possible, the Western IRB shall ensure that an investigator use the standard Winthrop University Hospital Consent form language, which includes the information required by HIPAA. The Western IRB shall always ensure the investigator utilizes the HIPAA compliant notice and acknowledgment approved by Winthrop University Hospital. For HIPAA purposes, Winthrop University Hospital shall rely on the Western IRB s representation that a research protocol meets HIPAA documentation and minimum necessary requirements (where applicable). K Training. All members of the research workforce of Winthrop University Hospital shall participate in a HIPAA training program. The HIPAA training program for members of the research workforce of Winthrop University Hospital shall include both HIPAA basics training and research specific training. HIPAA basics training shall cover general privacy and general security requirements under HIPAA and shall be conducted as described in [Insert Name of Winthrop University Hospital Policy on Training]. 1 Research Specific Training. The research specific portion of the HIPAA training for the research workforce shall include: a. The research specific HIPAA rules and processes discussed under this Policy; b. Policies and procedures for the management of information collected by the research workforce when conducting research; c. Compliance procedures; d. Policies and procedure for the maintenance of research information, including both paper and computer electronic records; and e. Policies and procedures regarding computer security. 2 WUH IRB. Members of the WUH IRB shall undergo the same training as the researchers. In addition, they shall be trained in their specific responsibilities under HIPAA including: a. The specific elements of a HIPAA authorization;
13 b. The necessary additions to consents and notices under HIPAA; c. The elements to be reviewed when considering an alteration or waiver of authorization; d. The other exceptions to authorization including reviews preparatory to research and research involving deceased individuals; e. The steps necessary to de-identify information under HIPAA; and f. The steps necessary to create a limited data set for research purpose and the requirements of a data use agreement. 3 Western IRB. Members of the Western IRB shall conduct training sufficient to ensure they are competent to perform these specific responsibilities under HIPAA and meet the nursing requirements of HIPAA.
University of Mississippi Medical Center Office of Integrity and Compliance
Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use
HIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
HIPAA COMPLIANCE INFORMATION. HIPAA Policy
HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas
HIPAA-Compliant Research Access to PHI
HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for
4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Limited Data Sets and Data Use Agreements 10200 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel
HIPAA Medical Billing Requirements For Research
The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...
HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS
HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
What is Covered under the Privacy Rule? Protected Health Information (PHI)
HIPAA & RESEARCH What is Covered under the Privacy Rule? Protected Health Information (PHI) Health information + Identifier = PHI Transmitted or maintained in any form (paper, electronic, forms, web-based,
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT
What is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
The HIPAA privacy rule and long-term care : a quick guide for researchers
Scholarly Commons at Miami University http://sc.lib.miamioh.edu Scripps Gerontology Center Scripps Gerontology Center Publications The HIPAA privacy rule and long-term care : a quick guide for researchers
Administrative Services
Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the
Health Insurance Portability and Accountability Policy 1.8.4
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
Children's Hospital, Boston (Draft Edition)
Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What
UPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and
HIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures
HIPAA Privacy Compliance Plan for Research University of South Alabama IRB Guidance and Procedures Office of Research Compliance and Assurance CSAB 140 460-6625 Adopted: 4/2/2003 2 HIPAA PRIVACY COMPLIANCE
Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available
Limited Data Set Background Information
Limited Data Set Background Information 1. A limited data set is protected health information that excludes certain identifiers but permits the use and disclosure of more identifiers than in a de-identified
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
IRB Application for Medical Records Review Request
Office of Regulatory Research Compliance Institutional Review Board FORM B1 : Medial Records Review Application FORM B1 IRB Application for Medical Records Review Request Principal Investigator: Email:
HIPAA and Research Ethics
[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution The 18 th Annual Meeting of the Applied Research Ethics National Association 1 Faculty John Falletta, MD Duke University
SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training
SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative
UPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1611 Ethics & Compliance SUBJECT: Use and Disclosure of Protected Health Information (PHI) For Research Purposes Pursuant to the HIPAA Privacy
HIPAA Basics for Clinical Research
HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining
HIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008
How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption
HIPAA Privacy Officer Sonya Middleton. HIPAA Security Officer Joan Kellner
HIPAA Privacy Officer Sonya Middleton HIPAA Security Officer Joan Kellner Humboldt Workshop & Residential Services, Inc., mc, INC. POLICIES FOR PROTECTION OF THE PRIVACY OF PROTECTED HEALTH INFORMATION
January 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules
Employer Sponsored Group Health Plans and the HIPAA Privacy Rules Employers must be prepared for their obligations under the HIPAA Privacy Rules January 2003 Bob Radecki KnowHIPAA.com HIPAA-COBRA-FMLA
Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT
Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by
Standard Operating Procedures for Research Involving Human Subjects
Section I: Introduction v07/2015 Standard Operating Procedures Indiana University and its affiliates are dedicated to protecting the rights and welfare of human participants recruited to participate in
Memorandum. Factual Background
Memorandum TO: FROM: SUBJECT: Chris Ianelli and Jill Mullan, ispecimen, Inc. Kristen Rosati and Ana Christian, Polsinelli, PC ispecimen Regulatory Compliance DATE: January 26, 2014 You have asked us to
[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
Gaston County HIPAA Manual
Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.
HIPAA Policies and Procedures
HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:
HIPAA Privacy Rule Primer for the College or University Administrator
HIPAA Privacy Rule Primer for the College or University Administrator On August 14, 2002, the Department of Health and Human Services ( HHS ) issued final medical privacy regulations (the Privacy Rule
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel &
SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5
Title: HIPAA Research Policy: General Nova Southeastern University Standard Operating Procedure for GCP Version # 1 SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5 PURPOSE: Federal privacy
Business Associate Agreement
Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf
Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA
Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant
Statement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "
De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies
UCSF and Data Contributor are hereinafter also referred to individually as Party and collectively as Parties.
DATA USE AGREEMENT This Data Use Agreement ( Agreement ) is entered into by and between The Regents of the University of California, on behalf if its San Francisco campus ( UCSF or Data User ), and [full
HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties
HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4
HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS HIPAA Privacy Policy pages 2 to 12 Exhibit A HIPAA Privacy Regulations pages A-1 to A-89 Exhibit B Notice of Privacy Practices pages B-1 to B-4 Exhibit
HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery
HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery Research A. General Rules. There are four pathways for covered entities ( CEs ) to obtain permission under the Health Insurance
HIPAA POLICY PROCEDURE GUIDE
HIPAA POLICY & PROCEDURE GUIDE HEALTH INFORMATION MANAGEMENT DEPARTMENT Office of Compliance & Audit Services - 1 - Table of Contents I. Patient Requests for Medical Records: Page 3 II. Other Requests
DATA USE AGREEMENT RECITALS
DATA USE AGREEMENT This Data Use Agreement (the Agreement ), effective as of the day of, 20, is by and between ( Covered Entity ) and ( Limited Data Set Recipient or Recipient ) (collectively, the Parties
Application for an Off-Site Tissue Banking Waiver at a Non-Profit or Academic Institution
Application for an Off-Site Tissue Banking Waiver at a Non-Profit or Academic Institution INSTRUCTIONS This form may be filled in and saved using Adobe Reader version 7.0 or higher. The full version of
HIPAA Data Use Agreement Policy R&G Template Updated for Omnibus Rule HIPAA DATE USE AGREEMENT 1
HIPAA DATE USE AGREEMENT 1 This Data Use Agreement (the "Agreement") is effective as of (the "Agreement Effective Date") by and between ("Covered Entity") and ("Data User"). RECITALS WHEREAS, Covered Entity
PROTECTED HEALTH INFORMATION AND THE JHSPH
PROTECTED HEALTH INFORMATION AND THE JHSPH The Health Insurance Portability and Accountability Act (HIPAA) protects individually identifiable health information, or Protected Health Information ( PHI ),
YALE UNIVERSITY RESEARCHER S GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996 Handbook
YALE UNIVERSITY RESEARCHER S GUIDE TO HIPAA Health Insurance Portability and Accountability Act of 1996 Handbook Table of Contents I. INTRODUCTION... 2 What is HIPAA?... 2 What is PHI?... 2 II. HIPAA s
HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA
HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Amended January 23, 2014 This HIPAA compliance manual was prepared for the
A. HIPAA Privacy Authorizations and Exceptions for Use of Identifiable Protected Health Information
Protected Health Information and the JHSPH The Health Insurance Portability and Accountability Act (HIPAA) protects individually identifiable health information, or Protected Health Information ( PHI ),
LIMITED DATA USE AGREEMENT
LIMITED DATA USE AGREEMENT THIS LIMITED DATA USE AGREEMENT ("LDU Agreement") is made and entered into as of this day of, (the "Effective Date") by and between University of South Alabama Hospitals (hereinafter
Health Insurance Portability and Accountability Act (HIPAA) Privacy Compliance Plan
POLICY # : 90 AREA: Agency AFFECTED DIVISION: All Divisions EFFECTIVE DATE OF BOARD APPROVAL: September 25, 2013 Executive Director Board President Health Insurance Portability and Accountability Act (HIPAA)
DALLAS ALLERGY & ASTHMA CENTER
DALLAS ALLERGY & ASTHMA CENTER Gary N. Gross, MD Michael E. Ruff, MD 5499 Glen Lakes Dr., Suite 100 Dallas, TX 75231 Dania A. Wierzbicki, MD Phone: (214) 691-1330 Jane Zepeda, PA-C FAX: (214) 691-6405
HIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual
PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual 1 Table of Contents I. INTRODUCTION... 4 A. GENERAL POLICY... 4 B. SCOPE... 4 II. DEFINITIONS... 5 III. GENERAL POLICIES AND PROCEDURES...
Burn Model Systems National Data and Statistical Center STANDARD OPERATING PROCEDURE 601. Data Use Agreement
Data Use Agreement This Data Use Agreement (the Agreement ) is effective as of [month, day, year] (the Agreement Effective Date ) until [month, day, year] (the Agreement Termination Date ) by and between
HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.
2013 HIPAA Privacy and Security Frequently Asked Questions for Employers Gallagher Benefit Services, Inc. Disclaimer We share this information with our clients and friends for general informational purposes
State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual
State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION
HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION HILLSDALE COLLEGE HEALTH AND WELLNESS CENTER Policy Preamble This privacy policy ( Policy ) is designed to address the Use and Disclosure
North Shore LIJ Health System, Inc. Facility Name
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: The Medical Record POLICY #: 200.10 Approval Date: 2/14/13 Effective Date: Prepared by: Elizabeth Lotito, HIM Project Manager ADMINISTRATIVE
APPENDIX 1: Frequently Asked Questions
APPENDIX 1: Frequently Asked Questions Practice Name Q: What is the HIPAA Privacy Rule? A: The HIPAA Privacy Rule controls the use and disclosure of what is known as Protected Health Information (PHI).
HIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
HIPAA Data Use Agreement 1 Revision Date: This Data Use Agreement (the Agreement ) is entered into by and between Yale University ( Covered Entity ) and ( Data User ), collectively, the Parties, and shall
HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
2010 i2b2/va Challenge Rules of Conduct
2010i2b2/VAChallengeRulesofConduct The2010i2b2/VAChallengeisasharedtask.Theformatofthesharedtaskandtheprinciples whichbindtheparticipantsofthissharedtaskareasfollows: 1.Inordertosupportthesharedtask,i2b2andVAwillprovidetheparticipantswithdatafrom
Texas A&M School of Public Health HIPAA Privacy Compliance Manual For Researchers
Texas A&M School of Public Health HIPAA Privacy Compliance Manual For Researchers Final: Approved by the SPH Executive Committee, 01/12/2016 1 Table of Contents INTRODUCTION... 3 PURPOSE... 4 LEGAL STATUS
HIPAA-P01 Uses and Disclosures of Protected Health Information Policy
HIPAA-P01 Uses and Disclosures of Protected Health Information Policy FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions Sanctions ADDITIONAL DETAILS Additional Contacts Web Address
Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC
Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health
CancerLinQ Data Quality Management Policies
CancerLinQ Data Quality Management Policies I. Introduction CancerLinQ is committed to conquering cancer through appropriate, secure and ethical usage of health information entrusted to the CancerLinQ
UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by:
UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: ALCOHOL & SUBSTANCE ABUSE INFORMATION Page 1 of 10 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy
The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX 76092 www.southlakedermatology.com Main 817-251-6500 Fax 817-442-0550
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
VENDOR / CONTRACTOR. Privacy Basics
VENDOR / CONTRACTOR Privacy Basics Introduction Premera s mission is to provide our customers with peace of mind about their healthcare. This requires that everyone who works with or for Premera (the Company
THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY
THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY Table of Contents I. Overview... 3 II. Legal Authority for NHCS... 3 III. Requirements of the HIPAA Privacy Rule... 3 IV. Extra Safeguards and
Model Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL 60010 847.382.4600 Fax 847.382.1771. HIPAA Notice of Privacy Practices ( Notice )
Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL 60010 847.382.4600 Fax 847.382.1771 HIPAA Notice of Privacy Practices ( Notice ) THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY
HIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
HIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
HIPAA Privacy Policies & Procedures
HIPAA Privacy Policies & Procedures This sample HIPAA Privacy Policies & Procedures document will help you with your HIPAA Privacy compliance efforts. This document addresses the basics of HIPAA Privacy
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
Virginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES
NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT
NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019
Effective Date: 5/18/15 NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
HIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS
BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS This Business Associate Agreement (this Agreement ), is made as of the day of, 20 (the Effective Date ), by and between ( Business Associate ) and ( Covered Entity
MCDONOUGH CENTER FOR FAMILY DENTISTRY, LLC
MCDONOUGH CENTER FOR FAMILY DENTISTRY, LLC HIPAA Privacy Policies & Procedures & HIPAA Security Policies & Procedures TABLE OF CONTENTS 1. PROTECTED HEALTH INFORMATION (PHI) 2. HIPAA PRIVACY POLICIES &
Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031
The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
HIPAA SELF STUDY TRAINING GUIDE
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may