University Policies

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Raghu, Rachana

Saved on

compared with

New Version 4

changes.mady.by.user Raghu, Rachana

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

ROWAN UNIVERSITY POLICY

Title: Accounting of Disclosures of Health Information
Subject: Office of Compliance & Corporate Integrity (OCCI)
Policy No: OCCI 2013: P01
Applies: RowanSOM
Issuing Authority: Rowan President & RowanSOM Dean
Responsible Authority: RowanSOM Chief Compliance and Privacy Officer
Adopted: 1/27/2003
Last Revision: 7/1/2013
Reviewed:

...

02/

...

17/2014

I. PURPOSE

To establish a policy and procedure to ensure Rowan University's School of Osteopathic Medicine (RowanSOM) compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Privacy Final Rule of 2013 in providing an individual the right to receive an accounting of disclosures of his/her Protected Health Information (PHI), made by RowanSOM and/or its covered entities.

II. ACCOUNTABILITY

Under the direction of the President, the Dean, Executive Vice President of Administration and Strategic Planning and Chief Compliance and Privacy Officer, and Vice President for Research shall ensure compliance with this policy.

III. APPLICABILITY

This policy shall apply to health information that is generated during provisions of health care to patients in any of the University's patient care units, patient care centers or faculty practices as well as Human Subjects research under the auspices of the University or by any of its agents in all RowanSOM Schools, Units, Departments and University owned or operated facilities.

...

IV. DEFINITIONS

"Protected Health Information (PHI)" - Protected health information means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual. If a patient has been deceased for more than fifty (50) years, the PHI is no longer considered protected. This does not a record retention requirement and covered entities may destroy medical records according to the State or other applicable laws. When individually identifiable health information is created, received, maintained or transmitted by a Business Associate and tied to a covered entity is considered PHI.

...