EXAMPLE 3-JOINT PRIVACY AND SECURITY CHECKLIST
|
|
- Mervin Wilcox
- 5 years ago
- Views:
Transcription
1 Purpose: The purpose of this Checklist is to evaluate your proposal to use or disclose Protected Health Information ( PHI ) for the purpose indicated below and allow the University Privacy Office and Office of Cybersecurity to jointly review and provide guidance on the information privacy and security controls associated with your proposal. This Checklist is meant to be used in a variety of projects including IRB research, educational activities, any project involving vendors who will receive Institutional PHI or any project where you will be receiving PHI from another entity for a reason other than treatment. Instructions: Please complete this form with as much detail as you are able and return it via to the address listed at the end of this form. After we receive the completed Checklist, we will evaluate your responses and respond to you with next steps (if any). Should you have any questions about completing this form, please them to the University X Privacy Officer at privacyofficer@universityx.edu or by phone at PI or Project Leader Name & Title: Dr. Sandy Shu, Geriatrics and Gerontology PI or Project Leader Contact Information: Phone Number: sandy.shu@universityx.edu School/Department: Geriatrics and Gerontology Your contact information (name/phone/ ) if you are not the PI or project leader: Ron Mott, Administrator; Purpose of this Request: Check all that apply Student education Quality improvement/quality assessment University administration and/or operations (including HR) Medical/clinical care IRB approved research (Protocol no ) Fundraising or marketing Other (describe: Click here to enter text.) If you have IT support in your department or as part of this project, please list their name and contact information here: Jim Alcoa; jim.alcoa@universityx.edu 1. Briefly describe your project and the timeline in which you hope to begin your project: Multi-site, multi-year study involving collection of identifiable patient data from large cohort of Medicare-enrollees for purpose of creating large limited data set to permit population health analytics. University X will share identifiable patient data with third party (Re-Claimz) under BAA (to be negotiated). Re-Claimz will cross-link the identifiable data it receives from research sites with identifiable claims data it receives from CMS. Re- Claimz will then generate limited data set that it will share with coordinating site (University K) under DUA. Limited data set will be stored for duration of study in secure data warehouse (DW) located on premises at University K. All participating sites will enter into joint DUAs with University K so that all participating sites may have access to limited 1
2 data set. 2. Will any data be disclosed to, or received from, a 3 rd party? ( A third party is any person outside the PI s research team, or outside of the Project leader s internal team. 3 rd parties including people from elsewhere at University, or from another institution altogether)? If yes, please describe: Yes, we will receive data: Please describe from where/whom and how the data will be transferred? University X will receive data directly from study participants (stored in EMR/EHR), as well as have access to limited data set (stored in University K s secure DW). Yes, we will disclose data: Please describe to where/whom and how the data will be transferred? Fully-identifiable data to third-party (Re-Claimz) will be transferred use HTTPS to secure server (server meets FISMA high controls). University X will negotiate a BAA with Re- Claimz. No, we will not be transmitting data to any 3 rd party, nor will we receive data from any 3 rd party. 3. Check all that are identifiers that will be created, accessed, analyzed, transmitted, stored, received or disclosed as part of this research or project: Check all that apply. Names Geographic subdivisions smaller than a state: Please list exactly what geographic identifiers will be received and/or disclosed (state, city, county, street address, zip code): Click here to enter text.) Dates: (except year) directly related to an individual, including DOB, health care service, admission, or discharge dates, date of death, and all ages over 89 and all elements of dates (including year) indicative of such age, unless aggregated into a single category of ages over 89: Please list the types of dates (ex., date of service) and format of any dates (month/year) being received or disclosed: Dates of birth, dates of services Telephone numbers, fax numbers, and/or addresses Social security numbers Medical record numbers Health insurance ID number(s), account numbers, and/or plan beneficiary numbers Certificate/driver s license numbers Vehicle identifiers and serial numbers, including license plate numbers Device identifiers and serial numbers Web Uniform Resource Locators (URLs) and/or Internet Protocol (IP) address numbers Biometric identifiers, including finger and voice prints Full face photographic images and any comparable images Any other unique identifying number, characteristic, or code 2
3 Student data (demographics, grades, other Click here to enter text. ) Faculty or staff employment documents (personnel files, salary, benefits, etc.) University ID numbers, student or employee ID numbers Donor information (from University X fundraising) Research data from other IRB approved studies Medical Records: Describe (ex: diagnosis and treatment information, lab results, physician notes, diagnostic images, prescription information, sensitive medical conditions (STDs, HIV, mental health records, alcohol and drug treatment information), etc.) labs, diagnosis/procedure codes Other (describe) Click here to enter text. 4. For all data elements listed above, list the location(s) where the data will be 1) collected/created, 2) stored, 3) accessed from and/or analyzed, and 4) how it will be shared or released? (Include details covering both physical locations and electronic systems. Include system IDs if possible. Make special note if a system is mobile, such as a laptop, external hard drive or thumb drive.) If you are able to submit a data life cycle or data flow diagram with this Checklist, it will greatly improve our ability to analyze your proposal. A data life cycle or data flow diagram will list specifically the security controls in place at each stage of the data during its collection, storage, use (by all internal parties), release (including security controls used in planned transmissions of the data) as well as storage and ultimately archival and destruction. Third-party vendor (Re-Claimz) business associate will provide a secure, FISMA-high compliant environment to receive identifiable patient record information; will crosslink with CMS claims data, will generate limited data set and will transmit limited data set using HTTPS to University K and stored in secure data warehouse (DW). Coordinating Site (University K) store limited data set within secure data warehouse platform for duration of specific research project and future research purposes. University X and University K will enter into a DUA so that University X may access full limited data set. 5. Describe the population of individuals whose data will be collected, accessed, stored, transmitted, processed, released (e.g. University Hospital patients, clinical research participants, students, etc.) and provide an estimate of the number of persons and number of unique records per person for each category (e.g. All Medicare recipients living in the state of Wisconsin so roughly 1.5 million who have three types of records collected as part of this project each year over three years resulting in the collection of roughly 4.5 million different records, each year). Types of individuals whose data will be involved in this project: Males and females > 18 and < 85 enrolled in federally funded CMS programs. Total number of individuals who whose data will be involved with this project 3
4 (please estimate if this is a multiyear project please provide an estimate over multi-year intervals): Several hundred thousand over multi-year (five year) period. Years 1-3 will involve initial collection phase from participating sites, updated periodically on annual basis with additional subjects by end of Year Will a vendor or third party perform any service as part of this research project on your behalf or at your request? If so, please list the name, address and contact information for the vendor or individual and describe the service they will perform and how data will be transmitted to this vendor. (Examples: using a survey system not owned and operated by the researcher team; using computer systems for storage, backup, or statistical analysis, providing data to another party for geo coding, etc ) Re-Claimz, 313 Main Street, Silicon Valley, CA, Janice Hattinger; cross-linkage with claims data and creation of limited data set; providing limited data set to coordinating site (University K) for long term storage of limited data set repository. 7. Will any data need to be shared with collaborators (internal or external to University X)? YES NO a. If YES, list the collaborators and their institution: University K, Dr. Shawn Cole University W, Dr. Chris Jameson University I, Dr. Janet Draeger University Y, Dr. Tom Nelson b. Indicate how the data will be shared with collaborators? Limited data sets, stored at University K, accessible by co-collaborator teams; limited data will be transferred using end-to-end encryption 8. Is there an agreement (executed or in draft form) for the data sharing with the collaborator(s)? YES - If yes, please attach a copy (*Still negotiating) NO 9. Have all University X employees involved with this project, including all IT staff supporting your systems, completed this current year s annual HIPAA training? YES NO Unknown Please return this form and any attachments as follows: University X Privacy Officer at privacyofficer@universityx.edu 4
5 5
EXAMPLE 2-JOINT PRIVACY AND SECURITY CHECKLIST
Purpose: The purpose of this Checklist is to evaluate your proposal to use or disclose Protected Health Information ( PHI ) for the purpose indicated below and allow the University Privacy Office and Office
More informationHIPAA and Research Contracts JILL RAINES, ASSISTANT GENERAL COUNSEL AND UNIVERSITY PRIVACY OFFICIAL
HIPAA and Research Contracts JILL RAINES, ASSISTANT GENERAL COUNSEL AND UNIVERSITY PRIVACY OFFICIAL Just a Few Reminders HIPAA applies to Covered Entities HIPAA is a federal law that governs the privacy
More informationHIPAA and HIPAA Compliance with PHI/PII in Research
HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA Compliance Federal Regulations-Enforced by Office of Civil Rights State Regulations-Texas Administrative Codes Institutional Policies-UTHSA HOPs/IRB
More informationPOLICY. Create a governance process to manage requests to extract de- identified data from the Information Exchange (IE).
Academic Health Center Office of Biomedical Health Informatics POLICY Extraction of De- Identifiable Data from the Information Exchange Approved Proposal Purpose Create a governance process to manage requests
More informationIntroduction/Instructions
Introduction/Instructions Registries (data banks) and repositories (tissue banks, usually with databases associated) all involve the collection and storage of information and/or biological specimens that
More informationUniversity of Mississippi Medical Center Data Use Agreement Protected Health Information
Data Use Agreement Protected Health Information This Data Use Agreement ( DUA ) is effective on the day of, 20, ( Effective Date ) by and between (UMMC) ( Data Custodian ), and ( Recipient ), located at
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationUniversal Patient Key
Universal Patient Key Overview The Healthcare Data Privacy (i.e., HIPAA Compliance) and Data Management Challenge The healthcare industry continues to struggle with two important goals that many view as
More informationSecurity Overview. Joseph Balberde North Country Community Mental Health Information Technology Director
Security Overview Joseph Balberde North Country Community Mental Health Information Technology Director 2-5-2019 Protected Health Information Individually Identifiable Health Information (IIHI): is information
More informationHIPAA 101: What All Doctors NEED To Know
HIPAA 101: What All Doctors NEED To Know 1 HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy
More informationComputer Security Incident Response Plan. Date of Approval: 23-FEB-2014
Computer Security Incident Response Plan Name of Approver: Mary Ann Blair Date of Approval: 23-FEB-2014 Date of Review: 31-MAY-2016 Effective Date: 23-FEB-2014 Name of Reviewer: John Lerchey Table of Contents
More informationHealth Link Frequently Asked Questions
Health Link Frequently Asked Questions We hope that you find our Health Link patient portal easy to use. If you have any questions or comments, please contact Health Link Support by email at healthlink@hvhs.org
More informationAUTHORIZATION TO RELEASE HEALTH INFORMATION
Request Completed Health Information Management AUTHORIZATION TO RELEASE HEALTH INFORMATION Completion of this form authorizes the use and/or disclosure (release) of individually identifiable health information,
More informationOverview of Datavant's De-Identification and Linking Technology for Structured Data
Overview of Datavant's De-Identification and Linking Technology for Structured Data Introduction Datavant is firmly committed to advancing healthcare through data analytics while protecting patients privacy.
More informationPrivacy Preserving Data Mining: An approach to safely share and use sensible medical data
Privacy Preserving Data Mining: An approach to safely share and use sensible medical data Gerhard Kranner, Viscovery Biomax Symposium, June 24 th, 2016, Munich www.viscovery.net Privacy protection vs knowledge
More informationHIPAA and Social Media and other PHI Safeguards. Presented by the UAMS HIPAA Office August 2016 William Dobbins
HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2016 William Dobbins Social Networking Let s Talk Facebook More than 1 billion users (TNW, 2014) Half of all adult
More informationAttachment B Newtopia Wellness Program and Genetic Testing. The Health Risk Assessment also invites individuals to undergo genetic testing.
Attachment B Newtopia Wellness Program and Genetic Testing The Newtopia health risk assessment asks about individuals health status, history, and risk factors, including family history of obesity. The
More informationIRBManager Quick Start Guide INITIAL APPLICATION - OVERVIEW
Page 1 of 16 GENERAL INFORMATION IRBManager Quick Start Guide INITIAL APPLICATION - OVERVIEW Initial Application Types: The IRBManager initial application form (xform) is available for specific types of
More informationCompliance & HIPAA Annual Education
Compliance & HIPAA Annual Education 1 The purpose of this education is to UPDATE The purpose and of this education REFRESH is to UPDATE your and REFRESH understanding understanding of: of: Aultman s Compliance
More informationHMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING. Created By:
HMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING Created By: Overview The purpose of this presentation is to emphasize the importance of security when using HMIS. Client information
More informationENCRYPTED . Copyright UT Health 1
ENCRYPTED EMAIL The improper use or disclosure of sensitive information presents the risk of identity theft, invasion of privacy, and can cause harm and embarrassment to students, faculty, staff, patients,
More informationInstitutional Review Board. Application for Research Using Humans
Institutional Review Board 4500 Riverwalk Parkway Riverside, CA 92515 IRB Research Application Phone 951.785.2099 Fax 951.785.2918 www.lasierra.edu/spa/human-subjects Institutional Review Board Application
More informationHARMONY HAUS SOBER LIVING MEMBER APPLICATION HARMONY HAUS, LLC.
HARMONY HAUS SOBER LIVING MEMBER APPLICATION HARMONY HAUS, LLC. BACKGROUND CHECK INFORMATION FULL NAME: NICKNAME OR ALIAS: PHONE: EMAIL: MARITAL STATUS: DATE OF BIRTH: DL/ID# EXPIRATION DATE STATE ISSUED
More informationThe NIH Collaboratory Distributed Research Network: A Privacy Protecting Method for Sharing Research Data Sets
The NIH Collaboratory Distributed Research Network: A Privacy Protecting Method for Sharing Research Data Sets Jeffrey Brown, Lesley Curtis, and Rich Platt June 13, 2014 Previously The NIH Collaboratory:
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationData Governance & Classification Policy A Data Classification and Data Types
Data Governance & Classification Policy 9.1.1.A Data Classification and Data Types Data Classification and Data Types The university utilizes various data types. Data types with similar levels of risk
More informationAn Employer s Guide to the
An Employer s Guide to the Click on the sections below to learn more. What is the SBC The Summary of Benefits and Coverage (SBC) establishes standards that group health plan sponsors and insurers must
More informationBeam Technologies Inc. Privacy Policy
Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,
More informationInformation Technology Standards
Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice
More informationCompanion Guide Benefit Enrollment and Maintenance 834
Companion Guide Benefit Enrollment and Maintenance 834 Private Exchanges X12N 834 (Version 5010) X12N 834 (Version 5010)Healthcare Services Review Benefit Enrollment and Maintenance Implementation Guide
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationIf this is your first time submitting a protocol for review, see FAQs for information to consider beforehand.
IRB CHART REVIEW System Requirements: FORM If using Windows, use Internet Explorer (IE) or Firefox as your browser. If using Macintosh, use Safari or Firefox as your browser. Your browser must be configured
More informationBest Practices. Contents. Meridian Technologies 5210 Belfort Rd, Suite 400 Jacksonville, FL Meridiantechnologies.net
Meridian Technologies 5210 Belfort Rd, Suite 400 Jacksonville, FL 32257 Meridiantechnologies.net Contents Overview... 2 A Word on Data Profiling... 2 Extract... 2 De- Identification... 3 PHI... 3 Subsets...
More informationFamily Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD
Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD The UAMS HIPAA Office Heather Schmiegelow, UAMS HIPAA Privacy Officer Stephen Cochran, UAMS Security Officer Sara Thompson, HIPAA
More informationRelayHealth Legal Notices
Page 1 of 7 RelayHealth Legal Notices PRIVACY POLICY Revised August 2010 This policy only applies to those RelayHealth services for which you also must accept RelayHealth s Terms of Use. RelayHealth respects
More informationProvider Portal User Guide. For the Provider Portal External Use
Provider Portal User Guide For the Provider Portal External Use IT Department Issued January 2017 mynexus 2017. All rights reserved. Version 1.4 Revised 07122017 Contents Getting Started with the Portal...
More informationAuthorization Agreement
Authorization Agreement For Electronic Health Care Claim Payment / Advice 835 Thank you for your interest in the Electronic Health Care Claim Payment/Advice (835), also known as Electronic Remittance Advice
More informationTIES Usage Policies. for University of Pittsburgh. Authors. University of Pittsburgh
TIES Usage Policies for University of Pittsburgh Authors University of Pittsburgh Girish Chavan, MS Elizabeth Legowski, BS Rebecca Crowley Jacobson, MD, MS Table of Contents A. DOCUMENT HISTORY... A-1
More informationPrivacy Shield Policy
Privacy Shield Policy Catalyst Repository Systems, Inc. (Catalyst) has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This
More informationReviewers Guide on Clinical Trials
Reviewers Guide on Clinical Trials Office of Research Integrity & Compliance Version 2 Updated: June 26, 2017 This document is meant to help board members conduct reviews for Full Board: Clinical Trial
More informationHIPAA For Assisted Living WALA iii
Table of Contents The Wisconsin Assisted Living Association... ix Mission... ix Vision... ix Values... ix Acknowledgments... ix Who Should Use This Manual... x How to Use This Manual... x Updates and Forms...
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationChange Healthcare CLAIMS Provider Information Form *This form is to ensure accuracy in updating the appropriate account
PAYER ID: SUBMITTER ID: 1 Provider Organization Practice/ Facility Name Change Healthcare CLAIMS Provider Information Form *This form is to ensure accuracy in updating the appropriate account Provider
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationicare s Provider Portal Guide
icare s Provider Portal Guide 2 CONTENTS New Provider Registration... 4 New Registration...5 Login Page 9 Sign In 9 Forget Your Password...10 Provider Home Page 12 Track Request 12 Contact Us.. 14 Provider
More informationCite: CTSA NIH Grant UL1- RR024982
PREREQUISITE FOR USE Review and approval of the project by the Institutional Review Board is required If colleting data for the purpose of human subject s research. Cite: CTSA NIH Grant UL1- RR024982 1
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Chmura Orthodontics ( Practice ) understands the important of keeping your personal information private. Personal information includes: your name, postal address, e-mail address,
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach
More informationEDI ENROLLMENT AGREEMENT INSTRUCTIONS
EDI ENROLLMENT AGREEMENT INSTRUCTIONS The Railroad EDI Enrollment Form (commonly referred to as the EDI Agreement) should be submitted when enrolling for electronic billing. It should be reviewed and signed
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationWhat is a Dataset? Information Security and Privacy Office (ISPO) Risk Assessment Program August 2018 Version 1.1
What is a Dataset? Information Security and Privacy Office (ISPO) Risk Assessment Program August 2018 Version 1.1 Risk Assessments - Datasets Dataset Definition A dataset (or data set) is a collection
More informationAmerican Association of Nurse Anesthetists Membership Mailing List Rental Instructions Research Purposes Only
Instructions Research Purposes Only The makes lists available of member s names and addresses to researchers interested in mailing research surveys to AANA members. Membership mailing list rental is available
More informationAdmission Application: Intensive Residential Rehabilitation / Community Residence / Supportive Living COVER PAGE
COVER PAGE Please check which level of care to which the applicant is applying. Complete referral packages* should be faxed to (716) 362-0221 or scanned and emailed to intake@cazenoviarecovery.org. Thank
More informationVision Services Application Overview
The Georgia Lions Lighthouse is a 501(c)3 nonprofit. Our mission is to provide vision and hearing services through education, detection, prevention, and treatment. The services we provide are made possible
More informationCompanion Guide Institutional Billing 837I
Companion Guide Institutional Billing 837I Release 3 X12N 837 (Version 5010A2) Healthcare Claims Submission Implementation Guide Published December 2016 Revision History Date Release Appendix name/ loop
More informationIntroduction to. Sponsored by the Pediatric Research Office (PRO)
Introduction to Sponsored by the Pediatric Research Office (PRO) Agenda Overview of REDCap Basic project work flow Creating a project with REDCap Interactive demonstration Questions and Answers Overview
More informationOnCore Enterprise Research. Subject Administration Full Study
OnCore Enterprise Research Subject Administration Full Study Principal Investigator Clinical Research Coordinator June 2017 P a g e 1 This page is intentionally blank. P a g e 2 Table of Contents What
More informationHIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA Privacy & Security Training HIPAA The Health Insurance Portability and Accountability Act of 1996 AMTA confidentiality requirements AMTA Professional Competencies 20. Documentation 20.7 Demonstrate
More informationANY INTERNET azcu2.atsusers.com The system works best with Internet Explorer or Firefox. azcu2.atsusers.com DO NOT azcu2.atsusers.
I. Introduction a. This system is what we use at ACU to collect and secure important medical and emergency contact information on our student-athletes. We utilize this system to keep track of emergency
More informationDefining Business Requirements
Defining Business Requirements GTC East September 2007 Lab Exercises This page intentionally left blank Lab Exercises Lab #1: New Report Requirement Lab #1: New Report Requirement Requirement Provided:
More informationPATIENT ACCESS REQUEST FOR MEDICAL RECORDS
PATIENT ACCESS REQUEST FOR MEDICAL RECORDS Patient s Legal Name: Telephone: ( ) Address: Date of Birth: As provided by the Health Insurance Portability and Accountability Act ( HIPAA ), I am requesting
More informationDetention/Hold Have the parents been notified? Yes - No By Whom Time: Officer/s Involved: Reason(s) for placement/offense: Person transporting:
Admission Form Date: PORT Group Homes Name: Last First Middle Date of birth Social Security number Admitted by order of : of on (Social Worker, Probation Officer, Judge) (County) (Date) Picture Taken:
More informationData Type and Format (Not all data elements require a format specification)
Individual Data Element Name (Term) Sub-element Name (Term) Data Element Description Data Type and Format (Not all data elements require a format specification) Data Element Requirement for Health Plan
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationOnline Services for Employers User Guide. Mayo Clinic Health Solutions
Online Services for Employers User Guide Mayo Clinic Health Solutions Table of Contents 1.0 Registering and Signing In... 1 Registration... 1 User Definitions... 1 Signing In... 1 2.0 Enrollment... 3 3.0
More informationICD-10 Compliance Project November 2013 update
ICD-10 Compliance Project November 2013 update Presented by Hewlett-Packard Development Corporation, LP 1 November 2013 Topics ICD-10 news ICD-10 CMS news ICD-10 forms update ICD-10 APR-DRG update ICD-10
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationMaryland Health Care Commission
Special Review Maryland Health Care Commission Security Monitoring of Patient Information Maintained by the State-Designated Health Information Exchange September 2017 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT
More informationEdition. MONTEREY COUNTY BEHAVIORAL HEALTH MD User Guide
Edition 1 MONTEREY COUNTY BEHAVIORAL HEALTH MD User Guide i Table of Content OderConnect/InfoScriber Registration CH1 Pg.2 Sign In to MyAvatar CH2..Pg.10 Sync OrderConnect Password CH3.Pg.14 Client Look
More informationPRIVACY STATEMENT. Effective Date 11/01/17.
PRIVACY STATEMENT Effective Date 11/01/17. PREMIER Bankcard, LLC. [hereinafter referred to as our, us, or we ] is committed to advising you of the right to your privacy, and strives to provide a safe and
More informationRevision History. Document Version. Date Name Comments /26/2017 Training and Development Initial Creation
Pharmaceutical Assistance Contract for the Elderly (PACE)/ Pharmaceutical Assistance Contract for the Elderly Needs Enhancement Tier (PACENET)Web Provider Enrollment/Provider Management Corporate User
More information(Provide name and role/title as identified in the study protocol, (a backup data custodian is recommended but not required))
UHealth Research Data HSRO Security Assessment Version: 1.0 Study Number: Study Title: Date: Last Update/Review Date: Review Cycle: Annual Primary Data Custodian: (Provide name and role/title as identified
More informationPhysician Office Name Ambulatory EHR Security Risk Analysis
Process is in place to verify access granted is appropriate (ie: Role Based access indicates that the biller has access to billing screens and the nurse has access to the patient medical information).
More informationFEDERAL BUREAU OF PRISONS National Provider Identifiers Registry
1275884165 FEDERAL BUREAU OF PRISONS National Provider Identifiers Registry The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated
More informationUNITED CAREGIVERS, INC. National Provider Identifiers Registry
1831400225 UNITED CAREGIVERS, INC. National Provider Identifiers Registry The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated
More informationGeneral Social Survey (GSS) NORC
General Social Survey (GSS) NORC OBTAINING GSS SENSITIVE DATA FILES The GSS geographic identification code files are made available to researchers under special contract with NORC. The GSS takes its promise
More informationAmerican Academy of Audiology Responses to Questions from HIPAA Webinar
American Academy of Audiology Responses to Questions from HIPAA Webinar IMPORTANT: DISCLAIMER REGARDING THE USE OF THIS INFORMATION: THESE RESPONSES ARE NOT INTENDED AS, AND DO NOT CONSTITUTE, LEGAL OR
More informationOverview of the Multi-Payer Claims Database (MPCD)
Overview of the Multi-Payer Claims Database (MPCD) Genesis of the MPCD The MPCD project is one of a number of initiatives related to comparative effectiveness research (CER) funded by the American Recovery
More informationAnnenberg Public Policy Center Sensitive National Annenberg Election Survey Data 1 Access: Application
Annenberg Public Policy Center Sensitive National Annenberg Election Survey Data 1 Access: Application The Investigator 2 must complete this application to request access to Sensitive NAES Data Set from
More informationInformation Classification & Protection Policy
University of Scranton Information Technology Policy Information Classification & Protection Policy Executive Sponsor: AVP Information Resources Responsible Office: Information Security Originally Issued:
More informationHIPAA Privacy and Security Training Program
Note The following HIPAA training is intended for Vendors, Business Associates, Students, Pre Approved Shadowers, and Visitors. The following training module does not provide credit for annual training
More informationMobile security: Tips and tricks for securing your iphone, Android and other mobile devices
Mobile security: Tips and tricks for securing your iphone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data
More informationWASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information
WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington
More informationIRBManager Quick Start Guide AMENDMENT SUBMISSION - CHANGE IN PERSONNEL
Page 1 of 12 IRBManager Quick Start Guide AMENDMENT SUBMISSION - CHANGE IN PERSONNEL NOTE: This Quick Start Guide provides instructions for removing and/or adding personnel, other than the Principal Investigator,
More informationMedical Office Workflow
Medical Office Workflow WE RE READY TO HELP! For customer support, please call us at 1-800-222-9570 or visit our online technical support center at evolvesupport.elsevier.com to access self-service options
More informationCompleting & Submitted the IRB Approval of Human Subjects Form
Completing & Submitted the IRB Approval of Human Subjects Form All areas of the form should be completed. Once completed it must be submitted to the IRB by sending it to the EU IRB Chairperson. The following
More informationHIPAA Tips and Advice for Your. Medical Practice
HIPAA Tips and Advice for Your Ericka L. Adler Medical Practice Rachel V. Rose WHY Header HIPAA PATIENT and Medical PORTALS? Practices HIPAA Basics Who is a covered entity? What is PHI? When can you disclose
More informationApplying E-Consent to Studies. Presenters: Haemar Kin, MHA, Melissa Scotti, PhD, Lara Lechtenberg, MPH
Applying E-Consent to Studies Presenters: Haemar Kin, MHA, Melissa Scotti, PhD, Lara Lechtenberg, MPH 1 CME Disclosure Statement Northwell Health adheres to the ACCME s new Standards for Commercial Support.
More informationPrivacy Impact Assessment (PIA) Tool
Privacy Impact Assessment (PIA) Tool 1 GENERAL Name of Public Body: PIA Drafter: Email/Contact: Program Manager: Email/Contact: Date (YYYY-MM-DD) In the following questions, delete the descriptive text
More informationHIPAA & RESEARCH DATA SECURITY FOR BU RESEARCHERS CHARLES RIVER CAMPUS. November 14, 2017
HIPAA & RESEARCH DATA SECURITY FOR BU RESEARCHERS CHARLES RIVER CAMPUS November 14, 2017 This Training Will Cover- How HIPAA impacts human subject research What researchers need to do to protect health
More informationNJ MEMORY AND BEHAVIORAL CARE National Provider Identifiers Registry
1538499181 NJ MEMORY AND BEHAVIORAL CARE The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated the adoption of standard unique
More information(10/17) PATIENT GUIDE
(10/17) PATIENT GUIDE Welcome to Parkview MyChart! mychart.parkview.com Welcome to your one story of care. As a patient of Parkview, you now have access to your health information from the convenience
More informationTEXAS MEDICARE (TRAILBLAZERS) CHANGE FORM MR085
TEXAS MEDICARE (TRAILBLAZERS) CHANGE FORM MR085 HOW LONG DOES PRE-ENROLLMENT TAKE? Standard processing time is 20 days WHAT PROVIDER NUMBERS DO I USE? Six digit Medicare legacy provider ID NPI Number WHAT
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationEPIC HEALTH SERVICES, INC. National Provider Identifiers Registry
1528227147 EPIC HEALTH SERVICES, INC. The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated the adoption of standard unique identifiers
More informationPrivacy and Security for the Medical Student. HIPAA Compliance Audit and Compliance Services Mount Sinai Health System
Privacy and Security for the Medical Student HIPAA Compliance Audit and Compliance Services Mount Sinai Health System Table of Contents 1. Confidential and Protected Information 2. Access, Use, Disclosure
More informationHealth Analytic Group. Research Data Management
Health Analytic Group Research Data Management Objectives Specify several different appropriate data sources Describe and appreciate limitations of data sources Timing Workflow process Completeness Accuracy
More information