ROWAN UNIVERSITY POLICY
Title: Fax Machine Transmittal of Confidential, Sensitive or Protected Health Information (PHI)
Subject: Office of Compliance & Corporate Integrity (OCCI)
Policy No: OCCI: 2013: P13
Applies: RowanSOM
Issuing Authority: Rowan President & RowanSOM Dean
Responsible Authority: RowanSOM Chief Compliance and Privacy Officer & RowanSOM Chief Information Officer
Adopted: Jan 23, 2003
Reviewed: Oct 24, 2011
Amended: July 1, 2013
Last Reviewed: Jan 6, 2014
I. PURPOSE
To ensure Rowan University's School of Osteopathic Medicine (RowanSOM) compliance with the Health Information Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 and Omnibus Privacy Final Rule of 2013 and the Standards for Privacy of Individually Identifiable Health Information and to safeguard confidential, sensitive and Protected Health Information (PHI) and other information protected by State or Federal regulations and RowanSOM policy that are transmitted by facsimile (fax).
II. ACCOUNTABILITY
Under the direction of the President, the Dean, General Counsel, Chief Information Officer and Chief Compliance and Privacy Officer shall ensure compliance with this policy. The Dean, President and Vice Presidents shall implement this policy.
III. APPLICABILITY
This policy shall apply to all confidential, sensitive or PHI protected from general access by State or Federal regulations and RowanSOM policy. Confidential and sensitive information includes patient, student, employee health, personnel records, financial data and communications pertaining to such. Health information that is generated during provisions of health care to patients in any of RowanSOM's patient care units, patient care centers or faculty practices, as well as Human Subjects research under the auspices of RowanSOM or by any of its agents in all RowanSOM schools, units, departments and RowanSOM owned or operated facilities.
IV. DEFINITIONS
"Protected Health Information (PHI)" - Protected health information means individually identifiable health information that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual and identifies or could reasonably be used to identify the individual, as defined by law. PHI of individual patient who have been deceased for more than 50 years, will not be protected 164.502(f).
V. REFERENCES
A. 45 CFR, 160, Code of Federal Regulations, Title 45, Part 160, Subpart C, General Administrative Requirements, Compliance and Enforcement
B. 45 CFR, 164.514(e), Code of Federal Regulations, Title 45, Part 164, Subpart E, Security and Privacy, Privacy of Individually Identifiable Health Information
C. 45 CFR, 164.530, Code of Federal Regulation, Security and Privacy, Administrative Requirements
D. 45 CFR 164.524, Title 45, Code of Federal Regulations, Part 164, Section 524, Security and Privacy, Access of Individuals to Protected Health Information
E. Privacy Act, 5 U.S.C. 552a
F. Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
G. Omnibus Privacy Final Rule of 2013
H. Standards for Privacy of Individually Identifiable Health Information Policy
I. Access of Individuals to Protected Health Information Policy
J. Uses and Disclosures of Health Information With and Without an Authorization Policy
K. Accounting of Disclosures of Health Information Policy
L. Protected Health Information Breach Notification Policy
VI. POLICY
A. RowanSOM is committed to safeguarding PHI and other protected information in order to fulfill its mission to patients and to operate in a manner that is consistent with applicable Federal and State laws and regulations. Consequently, RowanSOM will exercise special care regarding the location and operation of fax machines. Fax and copier machines are not usually considered storage devices, but have large memory hard drives and can store PHI and must be properly protected and secured. Appropriate safeguards would include monitoring or restricting access to these devices and hard drives should be sterilized of PHI before they are "turned in" or sold. All CE and BA, including "downline" subcontractors should protect these devices as PHI.
B. Due care should be exercised when faxing PHI and other protected information. In addition, the faxing of sensitive protected health information, such as dealing with mental health, chemical dependency, sexually transmitted diseases, HIV or other highly personal information, should be avoided whenever possible.
C. Any incidents where incoming or outgoing faxes have compromised a patient's right to privacy shall be immediately reported to the Privacy Officer for the Office of Compliance and Corporate Integrity.
D. Requirements:
E. Receiving Faxes:
Employees who are intended recipients of faxes that contain PHI will take reasonable steps to minimize the possibility those faxes are viewed or received by someone else. These "reasonable steps" include, but are not limited to, the following:
VI. SANCTIONS FOR NON-COMPLIANCE
RowanSOM will apply appropriate sanctions against any member of the workforce who fails to comply with RowanSOM privacy policies and procedures. The Dean, and President, with the assistance of the Department of Human Resources, will enforce the sanctions appropriately and consistently. RowanSOM will document all sanctions that are applied.
VII. RETALIATION/WAIVER
RowanSOM may not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise by the individual of any privacy right. RowanSOM may not require individuals to waive their privacy rights as a condition of the provision of treatment, payment, enrollment in a health plan, or eligibility for benefits.
VIII. ATTACHMENTS
A. ATTACHMENT 1: CONFIDENTIAL FAX COVER SHEET
By Direction of the President:
Signature on File
__________________________________________
Rowan SOM Chief Compliance and Privacy Officer
Signature on File
_________________________________________
RowanSOM Chief Information Officer
ATTACHMENT 1
CONFIDENTIAL FAX COVER SHEET
Revised PHI DESTRUCTION and DISPOSAL POLICY 2013 > worddavafe051e00c4ef838a276b663ed8c0708.png" height="113" width="477" src="https://confluence.rowan.edu/download/attachments/52298910/worddavafe051e00c4ef838a276b663ed8c0708.png?version=1&modificationDate=1420577257954&api=v2" data-image-src="/download/attachments/52298910/worddavafe051e00c4ef838a276b663ed8c0708.png?version=1&modificationDate=1420577257954&api=v2" data-linked-resource-id="52789401" data-linked-resource-type="attachment" data-linked-resource-default-alias="worddavafe051e00c4ef838a276b663ed8c0708.png" data-base-url="https://confluence.rowan.edu" data-linked-resource-container-id="52298910" data-location="University Policies > Revised PHI DESTRUCTION and DISPOSAL POLICY 2013 > worddavafe051e00c4ef838a276b663ed8c0708.png" data-mce-src="https://confluence.rowan.edu/download/attachments/52298910/worddavafe051e00c4ef838a276b663ed8c0708.png?version=1&modificationDate=1420577257954&api=v2">
To: From:
Location: Location:
Date Sent: Fax Number:
Time Sent: Phone Number:
Fax Number: Number of Pages (including cover):
Phone Number:
? Urgent ? For Review ? As Requested ? Please Reply ? Please Comment
Comments:
"Confidential Protected Health and Other Information Enclosed"
Protected Health Information is personal and sensitive information related to a person's health care. The other protected information may include information protected by State or Federal regulations and University policy. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Re-disclosure without additional patient consent or as permitted by law is prohibited. Unauthorized re-disclosure or failure to maintain confidentiality could subject you to penalties described in federal and state law.
IMPORTANT WARNING: This message is intended for the use of the person or entity to which it is addressed and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this information is STRICTLY PROHIBITED. If you have received this message in error, please notify the sender immediately and arrange for the return or destruction of these documents.
|