Policy Level: UW Medicine Compliance
Policy Title: PP-20a - Access Management
Policy Number: 20a
Date Established: September 28, 2007
Date Revised: January 25, 2008; January 23, 2009; March 17, 2010; January 7, 2011; February 27, 2012; July 30, 2013
Date of Last Cyclic Review:

Purpose

To meet minimum necessary requirements, UW Medicine uses role-based access to enterprise-wide information systems that contain Protected Health Information (PHI). This document outlines:

o Making decisions for appropriate user access (including clearly defined PHI-sharing relationships with partners, external healthcare professionals, referrals, contractors, regulators, and insurers)
o The roles and responsibilities of groups and individuals within UW Medicine;
o Maintenance of documentation of user roles and privileges

Definitions

Access: The ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.

Allscripts: Generic term used for the suite of applications used by Northwest Hospital employed Physicians for their ambulatory electronic health records from the vendor Allscripts, LLC.

Amalga: UW Medicine's name for our clinical data repository using Microsoft's Amalga Unified Intelligence System, a data aggregation platform which integrates data from many unrelated medical systems designed to retrieve and display patient information from many sources in one enterprise platform in order to provide an immediate, updated composite portrait of the patient's healthcare information.

Amalga Collection: A group of data, applications, databases or reports defined to allow a single rule for access privileges to all elements in the group.

Amalga Collection Operator: The Collection Owner may designate a Collection Operator as the individual who will add or subtract users from the Collection's authorization list.
Amalga Collection Owner: Individual authorized by CDROC to be responsible for the management of a collection of data, applications, databases or reports based on data from Amalga.

Amalga System Level User - Affiliated Developer: Expert database developers who have been authorized by an Amalga System Owner to create reports and applications in the Amalga system or in one of the report distribution mechanisms. Each Affiliated Developer will be trained in use of the Amalga system and in compliance issues.

Consolidated Decision Support: A coordinated effort between UWMC, HMC & UW Medicine IT Services to create demographic and distribution databases using a common approach which consolidates various source data. (System examples include: Horizon Business Insight (HBI), Horizon Performance Manager (HPM), Cost Manager)

Data Repositories (Clinical and Business): A Clinical or Business Data Repository is a near real-time or retrospective suite of databases that consolidates data from a variety of clinical and financial sources to present a unified view of patient information. (Clinical Examples: Amalga, MAP; Business Example: HPM, Decision Support)

Epic: Generic term used for the suite of applications used by UW Medicine from the vendor Epic (Examples: ASAP, Cadence, EpicCare, EpicWeb, Kaleidoscope Ophthalmology, Prelude, Resolute, and Stork OB)

MAP: MasterMIND Access Program was developed at UW Medicine to query the data stored in the MIND database.

MINDscape: Web-based application developed at UW Medicine to view patient information.

ORCA: Online Record of Clinical Activity (ORCA) is a UW Medicine EMR that uses Powerchart by the vendor Cerner.

PulseCheck: Northwest Hospital Emergency Department information system from vendor PICIS/Ingenix.
Soarian: Generic term used for the suite of applications used by Northwest Hospital from the vendor Siemens (includes Clinical Access, Common Clinicals, Charting, and Medication Reconciliation; also includes Soarian E-HIM, Physician Module and Medication Administration Check).

System Operator: System operators are formally appointed by and report to system owners. Where required for information systems involving national security information, a system operator shall be an authorized person. The responsibilities of the system operator include:

o Making and being accountable for operational decisions about the use and management of an information system; and
o Responsibilities as delegated by system owners.

System Owner: System owners are formally appointed by and report to the executive heads of major University organizations or their designee(s).
The responsibilities of the system owners include:

o Manage the confidentiality, integrity, and availability of the information systems for which they are responsible. This shall include developing and implementing a process for managing access to information systems for which they are responsible, and other processes or controls in compliance with University policies on information security and privacy;
o Advise executive heads of major University organizations on the financial resources necessary to develop and implement information systems and controls, including those specifically required by grants or contracts;
o Maintain critical information system documentation; and
o Formally appoint and delegate responsibility to system operators.

Workforce: Workforce means faculty, employees, volunteers, trainees, students, and other persons whose conduct, in the performance of work for UW Medicine, is under the direct control of UW Medicine, whether or not they are paid by UW Medicine.

Policy

I. Roles & Responsibilities for Access to Enterprise Clinical Information Systems

A. UW Medicine Patient Privacy Advisory Committee (PPAC)
Approves Agreements for Electronic Access to PHI for outside organizations.

B. UW Medicine IT Services Security Program
Develops and implements policies and guidance related to identification, authentication, and administration of UW Medicine systems.

C. UW Technology
Establishes and maintains the UW NetID.

D. IT Services User Access Administration (UAA)
1. Maintains the user records in the Provider User Maintenance Authority (PUMA). The PUMA database provides the information to most enterprise-wide clinical systems for the provisioning of access.
2. Maintains the clinician record in UW Technology Person Registration.
3. Maintains the process ( that Managers or their delegates use to create, modify, or deactivate user privileges.

E. IT Services Epic Systems Group
Maintains the user records in the Epic database.

F. IT Services Provider Maintenance Group (PMG)
1. Responsible for maintaining, administering and providing data quality and integrity of healthcare professionals' information which is used to determine access to the clinical, financial and administrative systems of UW Medicine.
2. Maintains healthcare professionals' signatures for ORCA and MINDscape.

G. System Owners
System Owners are responsible for identification, authentication, and access administration for their system and for maintaining records of the associated privileges for each role defined within their system.

H. Managers
1. Request activations, modifications, and deactivations for approved accounts for workforce members under their supervision. Submit the request for job-related access to IT Services User Access Administration (UAA) or appropriate departmental system access administrators. Promptly report changes in end-user duties or employment status to IT Services User Access Administration ( and any departmental system access administrators to keep system privileges up-to-date and restricted to current job requirements. Examples of reportable changes include promotion, extended leave and separation.
2. Managers are required to maintain documentation on the systems to which workforce members have access. This documentation must be maintained in their personnel/academic file. The UW Medicine Document IT Systems Access for a Member of the Workforce form can be used to document this access. (See Attachment PP-20a Attachment C Document IT Systems Access for a Member of the Workforce)

II. Authorizing Users for UW Medicine Clinical Information Systems (Examples: Allscripts, Epic, MINDscape, ORCA, PulseCheck, and Soarian)

A. UW Medicine Workforce Access
UW Medicine workforce members are provided access to ePHI for the purposes of Treatment, Payment, and Healthcare Operations or IRB approved research based on location, department, and job function as authorized by their Manager. Requests for access may be made by an authorized delegate, but the authorization responsibility remains with the Manager.

Healthcare Professionals (i.e. professionally licensed or certified individuals who provide patient care such as MDs, DOs, DPMs, optometrists, ARNPs, CRNAs, PA-Cs) who are credentialed by UW Medicine Office of Medical Staff Appointments (OMSA), Northwest Hospital Medical Staff Office, or Valley Medical Center Medical Staff Office must be appointed to the medical staff before electronic access to clinical systems is granted. The access provided is based on job title, location, department and medical staff appointment criteria.

Accreditation Council of Graduate Medical Education (ACGME) Residents and Fellows must be entered into UW Medicine's Graduate Medical Education's database (currently the Graduate Medical Education Tracking and Billing System - GMETABS) before electronic access to clinical systems is granted. The access provided is based on job title, location, department and medical appointment criteria.

B. Organized Healthcare Arrangement (OHCA)
Privacy Policy PP-01 Designation of Healthcare Components at the University of Washington, describes the organizations that have entered into an OHCA with UW Medicine. This arrangement allows the workforce members of those organizations to have access to the UW Medicine enterprise clinical information systems for the purposes of joint treatment, payment, and healthcare operations or IRB approved research. These organizations designate individuals that manage user access accounts for their respective workforce.

C. Business Associates
Contracts for services that require third parties to use and disclose PHI on behalf of UW Medicine must include Business Associate Agreement language (See UW Medicine Privacy Policy: PP-12 Use & Disclosure of Protected Health Information by Business Associates).
When a contract requires that individuals from third parties need electronic access to enterprise clinical information systems, these individuals are required to follow the terms of the Business Associate Agreement and sign the Business Associate Privacy, Confidentiality, and Information Security Agreement. (Please see PP20A- Attachment E Non-UW Medicine Workforce Privacy, Confidentiality, and Information Security Agreement). The UW Medicine Administrator/Director/Manager who holds the contract and oversees the work is responsible for documentation maintenance and access authorization.
D. Contractual Agreements for Access to Electronic PHI
Under certain criteria, the Patient Privacy Advisory Committee (PPAC) may approve other healthcare organizations to have access to enterprise clinical information systems. Users' privileges are granted according to the contractual agreement. (Please see PP20A-Attachment B Privacy, Confidentiality and Information Security Agreement - Pursuant to an Agreement for Electronic Access to PHI).

E. Referring Healthcare Professionals
UW Medicine may provide access through U-Link to enterprise clinical information systems to healthcare professionals for purposes of treatment. Each community healthcare professional is required to sign an agreement with the Physician Liaison Office. (See UW Medicine Privacy Policy: PP-20a Attachment D UW Medicine U-Link Program Account Enrollment and Agreement Form)

F. External Healthcare Professionals for Continuity of Care
UW Medicine may provide access to the enterprise clinical information systems through U-Link or Just-In-Time to healthcare professionals for purposes of continuity of care. These healthcare professionals must sign an agreement with the Physician Liaison Office. (See UW Medicine Privacy Policy: PP-20a Attachment D UW Medicine U-Link Program Account Enrollment and Agreement Form)

G. Other Non-UW Medicine Workforce
All other non-UW Medicine workforce member (i.e. auditors, insurers, regulators) access to enterprise clinical information systems must be authorized by a Director or Administrator. The non-UW Medicine workforce member must review & sign the Non-UW Medicine Workforce Privacy, Confidentiality and Information Security Agreement (Please see PP20A- Attachment E: Non-UW Medicine Workforce Privacy, Confidentiality, and Information Security Agreement). This agreement must be maintained on file in the department.

III. Authorizing Users for UW Medicine Clinical or Business Data Repositories (Examples: Amalga, Consolidated Decision Support, and MAP).
Access to Clinical or Business Data Repositories is the responsibility of the System Owner. If the data from the Clinical or Business Data Repository is to be used for research, then the requirements of the Human Subjects Division must be met.

o System Level Access (Example: Amalga Affiliate developer): Documented process with System Owner approval required.
o Collection: (Examples: uzcce the Center for Clinical Excellence; uzcbr Cancer Biospecimen Repository) Documented process authorized by the Clinical Data Repository Oversight Committee.

IV. Non-Enterprise UW Medicine Systems.
Systems not included in this document are provisioned by individual departments. Please contact the individual department to request user accounts.

References

45 CFR Definitions.
45 CFR (3)(i) Standard: Workforce security.
45 CFR (3)(ii) Implementation specifications.
45 CFR (4)(i) Standard: Information access management.
45 CFR (a)(1) Permitted uses and disclosures.
45 CFR (b) Uses & Disclosure of Protected Health Information Minimum Necessary.
45 CFR (d) Other Requirements Relating To Uses & Disclosures Of Protected Health Information Minimum Necessary.

Cross References

PP-00 Glossary of Terms:

Approvals

UW Privacy Official Date
Johnese M. Spisso, Chief Health System Officer, UW Medicine & Vice President for Medical Affairs, UW

Related Procedures
UW Medicine Account UW Medicine Account Activation, Deactivation, Change Request Forms:

Forms/Instructions

PP-04 Attachment A: Privacy, Confidentiality, and Information Security Agreement:
PP-20a Attachment A: Agreement for Electronic Access to Protected Health Information
PP-20a Attachment B: Privacy, Confidentiality and Information Security Agreement Pursuant to an Agreement for Electronic Access to PHI
PP-20a Attachment C: Workforce Member Documentation of IT System Access
PP-20a Attachment D: UW Medicine U-Link Program Account Enrollment and Agreement
PP-20a Attachment E: Non-UW Medicine Workforce Privacy, Confidentiality and Information Security Agreement

Additional Contacts

UW Medicine Compliance
UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: ALCOHOL & SUBSTANCE ABUSE INFORMATION Page 1 of 10 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy
More informationSecurity Awareness Training
CALIFORNIA DEPARTMENT OF AGING The CDA Information Security Office Security Awareness Training Presents California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834 www.aging.ca.gov
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationThe Interoperable Electronic Health Record Understanding and Addressing the Legal and Regulatory Risks
The Interoperable Electronic Health Record Understanding and Addressing the Legal and Regulatory Risks HCCA Physician Immersion Session April 2006 Judy S. Ireland, Esq. Vice-President, Ethics and Compliance
More informationHow To Protect Your Health Care From Being Hacked
HIPAA SECURITY COMPLIANCE GUIDE May 9, 2005 FOR PIONEER EDUCATORS HEALTH TRUST. PIONEER EDUCATORS HEALTH TRUST HIPAA Security Introduction Various sponsoring employers (referred to collectively as the
More informationMeaningful Use Qualification Plan
Meaningful Use Qualification Plan Overview Certified EHR technology used in a meaningful way is one piece of a broader Health Information Technology infrastructure intended to reform the health care system
More informationAccreditation Standards for Pharmacy Technician Education and Training Programs
Accreditation Standards for Pharmacy Technician Education and Training Programs Introduction These standards have been developed to: protect the public, serve as a guide for pharmacy technician education
More informationCo-Pay Assistance Program for CUBICIN (daptomycin for injection) for Intravenous Use Enrollment Form
1. PATIENT INFORMATION Name Gender: o Male o Female Date of Birth: / / Address City State ZIP Email Home Phone Cell Phone Work Phone Alternate Contact Person (Optional) Alternate Phone Number (Optional)
More informationBusiness Associates Agreement
Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationWho is looking at your electronic health record?
Who is looking at your electronic health record? A practical guide to building an audit plan. April 22, 2013 Sandy Gilmore Audit Plan April 2013 2 1 Audit Plan April 2013 3 Who is looking at your EHR Objectives
More informationUNIVERSITY POLICY ON SIGNING UNIVERSITY CONTRACTS
Responsible University Officer Vice Chancellor and General Counsel Responsible Office Office of University Counsel UNIVERSITY POLICY ON SIGNING UNIVERSITY CONTRACTS The purpose of this policy is to establish
More informationMEDICAL STAFF BYLAWS FOR CHILDREN'S & WOMEN'S HEALTH CENTRE OF BRITISH COLUMBIA AN AGENCY OF THE PROVINICAL HEALTH SERVICES AUTHORITY
MEDICAL STAFF BYLAWS FOR CHILDREN'S & WOMEN'S HEALTH CENTRE OF BRITISH COLUMBIA AN AGENCY OF THE PROVINICAL HEALTH SERVICES AUTHORITY SEPTEMBER 1, 2004 Board Approved June 24, 2004 Ministry of Health Approved
More informationSARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY
SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY Purpose: The following privacy policy is adopted to ensure that the Sarasota County Government Employee Medical Benefit Plan
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ("Agreement") is made and is effective as of the date of electronic signature("effective Date") between Name of Organization ("Covered
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationApproved by the Audit and Compliance Committee of the Providence Health & Services Board of Directors
Integrity and Compliance Description Approved by the Audit Committee of the Providence Health & Services Board of Directors December 7, 2009 Contents: Introduction Page 1 Purpose Page 2 Compliance Administration
More informationRowan University Data Governance Policy
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
More informationHealth Sciences Compliance Plan
INDIANA UNIVERSITY Health Sciences Compliance Plan 12.18.2014 approved by University Clinical Affairs Council Table of Contents Health Sciences Compliance Plan I. INTRODUCTION... 2 II. SCOPE... 2 III.
More informationMcLaren Greater Lansing Rules of the Department of Emergency Medicine ARTICLE I. PURPOSE AND ORGANIZATION
McLaren Greater Lansing Rules of the Department of Emergency Medicine ARTICLE I. PURPOSE AND ORGANIZATION 1.1 PURPOSE 1.1.1 The purpose of the Department of Emergency Medicine shall be to perform the organizational
More information[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
More informationTABLE OF CONTENTS CHAPTER A:
This publication links to non-federal resources in order to provide additional information to consumers. The views and content in these resources have not been formally approved by the U.S. Department
More informationHow To Be An Emr Consultant
Tashaka Budd Application Training, Application Support, Business Management ROLES & RESPONSIBILITIES As an EMR Consultant, I have the responsibility of educating and supporting end users on how to implement
More informationPolicy Number B-2 Date This Version of Policy February 2006. Department Responsible for UNC HCS HIPAA Policy
Name of Policy BUSINESS ASSOCIATES *Excludes Rex Healthcare Policy Number B-2 Date This Version of Policy February 2006 Effective Department Responsible for UNC HCS HIPAA Policy Review Committee POLICY:
More informationQueensland. Health Practitioner Regulation (Administrative Arrangements) National Law Act 2008
Queensland Health Practitioner Regulation (Administrative Arrangements) National Law Act 2008 Act No. 62 of 2008 Queensland Health Practitioner Regulation (Administrative Arrangements) National Law Act
More informationUniversity of Central Florida College of Medicine Industry Relations Policy and Guidelines. Table of Contents
University of Central Florida College of Medicine Industry Relations Policy and Guidelines 1. Introduction and Scope of Policy 2. Statement of Policy Table of Contents 3. Gifts and Individual Financial
More informationHIPAA Business Associate Addendum
HIPAA Business Associate Addendum THIS HIPAA BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is by and between ( Covered Entity ) and TALKSOFT CORPORATION ( Business Associate ) (hereinafter, Covered Entity
More informationInformation Governance and Management Standards for the Health Identifiers Operator in Ireland
Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high
More informationHealth Information Technology
Background Brief on September 2014 Inside this Brief Terminology Relevant Federal Policies State HIT Environment, Policy, and HIT Efforts Staff and Agency Contacts Legislative Committee Services State
More informationDTCC RISK COMMITTEE CHARTER
DTCC RISK COMMITTEE CHARTER Purpose The ability to identify, manage and mitigate risk is fundamental to the services that The Depository Trust & Clearing Corporation ( DTCC ) provides to its members and
More informationUniversity of California Policy
University of California Policy HIPAA Uses and Disclosures for UC Group Health Plans Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance
More informationPERSONAL HEALTH RECORDS AND
PERSONAL HEALTH RECORDS AND THE HIPAA PRIVACY RULE INTRODUCTION A personal health record (PHR) is an emerging health information technology that individuals can use to engage in their own health care to
More informationDEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES
DEPARTMENT OF MENTAL HEALTH AND DEVELOPMENTAL DISABILITIES POLICIES AND PROCEDURES Subject: ADMINISTRATION OF HIPAA Effective Date: 12/15/03 Review Date: 6/8/06 Revision Date: 11/21/06 (All legal citations
More informationBackground. Implementation and Usability Hearing Questions Panel 4. About KLAS
Background About KLAS KLAS is a market research firm that specializes in the measurement of vendor performance through the eyes of their customers. Our interviews with over 2,000 provider contacts each
More information