University Policies

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Raghu, Rachana

Saved on

compared with

New Version 7

changes.mady.by.user Alburger, Katherine A

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


ROWAN UNIVERSITY POLICY

 


Title: Protected Health Information: Destruction and Disposal
Subject: Office of Compliance & Corporate Integrity (OCCI)
Policy No: OCCI:2013:P11
Applies:

...

 RowanSOM
Issuing Authority: President
Responsible Officer: 

...

Chief Audit, Compliance & Privacy Officer

...

; Director of Information Security

...


Date Adopted:

...

07/

...

01/

...

2013

...

Last Revision:

...

03/

...

27/

...

2020
Last Reviewed:

...

 03/

...

27/

...

2020

I.    PURPOSE

To establish a policy that ensures compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) i , Health . Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 ii and Omnibus Privacy Final Rule of 2013 iii in 2013 in the destruction and disposal of documentation containing Protected Health Information (PHI).

II.   ACCOUNTABILITY

Under the direction of the President, the Sr. Vice President for Healthcare, Sr. Vice President and CIO, General Counsel, Dean, Associate Deans, Department Chairs, Chief Compliance & Privacy Officer, Vice President for Research, Executive Director, and the Information Security Officer shall implement and ensure compliance with this policy.

III.  APPLICABILITY

This policy shall apply to health information that is generated during provisions of health care to patients in any of the RowanSOM patient care units, patient care centers or faculty practices as well as Human Subjects research under the auspices of RowanSOM or by any of its agents in all RowanSOM Schools, Units, Departments and RowanSOM owned or operated facilities.

IV.  DEFINITIONS

“Protected Health Information (PHI)” - Protected health information means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual. The PHI of an individual patient, who has been deceased for more than 50 years, is no longer protected [164.502(f)].

  1. Except as provided in paragraph two (2) of this definition that is:
    1. transmitted by electronic media;
    2. maintained in electronic media; or
    3. transmitted or maintained in any other form or medium
  2. Protected health information excludes individually identifiable health information in:
    1. Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g iv ;
    2. Records described at 20 U.S.C. 1232g(a)(4)(B)(iv) v ; and
    3. Employment records held by a covered entity in its role as employer.

V.

...

   REFERENCES

A. 45 CFR, 160, Code of Federal Regulations, Title 45, Part 160, Subpart C, General Administrative Requirements, Compliance and Enforcement vi .
B. 45 CFR, 164.514(e), Code of Federal Regulations, Title 45, Part 164, Subpart E, Security and Privacy,
Privacy of Individually Identifiable Health Information vii .
C. 45 CFR, 164.530, Code of Federal Regulation, Security and Privacy, Administrative Requirements viii .
D. Records Management Policy ix .
E. Uses and Disclosures of Health Information With and Without an Authorization Policy x .

VI. POLICY

RowanSOM Departments and RowanSOM owned or operated facilities shall appropriately protect the privacy of health information that can identify an individual in compliance with federal and state law. RowanSOM will act responsibly in the maintenance, retention and eventual destruction and disposal of all material containing PHI, which includes PHI on fax and copier machine hard drives. The destruction and disposal of PHI will be carried out in accordance with HIPAA regulations and RowanSOM policy. All PHI will be destroyed in a manner in which it cannot be recovered or reconstructed. Medical records will be maintained and destroyed in accordance with the RowanSOM policy, Records Management.

VII. ATTACHMENTS

A. Attachment 1 - Procedures for the Destruction/Disposal of All Protected Health Information (PHI)
B. Attachment 2 - Hyperlinks

...



By Direction of the President:

Signature on file
_______________________________________________
RowanSOM Chief Audit Compliance & Privacy Officer 


ATTACHMENT 1
PROCEDURES FOR THE DESTRUCTION/DISPOSAL OF ALL PROTECTED HEALTH INFORMATION (PHI)

...

Anchor
x
x
 x Uses and Disclosures of Health Information With and Without an Authorization Policy