SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development

User Tools

Site Tools

You are here: Welcome to the SEHD Wiki! » SEHD Policies and Procedures » Data Privacy Policies » Privacy and Security Policies and Procedures
policy:data_privacy:privacy_and_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
policy:data_privacy:privacy_and_security [2019/03/29 20:05] – [Privacy and Security Policies and Procedures] tonyromeropolicy:data_privacy:privacy_and_security [2019/05/20 17:22] (current) – old revision restored (2019/03/29 20:05) tonyromero
Line 1: Line 1:
 ====== Privacy and Security Policies and Procedures ====== ====== Privacy and Security Policies and Procedures ======
  
 +  - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
  
 ===== Overview ===== ===== Overview =====
Line 36: Line 37:
 This security policy outlines minimum standards for ensuring the confidentiality, integrity, and availability of electronic protected health information (ePHI) received, maintained or transmitted by all UNIVERSITY HIPAA Covered Components (outlined in APS #5055 – HIPAA Hybrid Entity Designation), as well as other offices which support these entities (listed below as "Support Services"). Covered Components shall meet or exceed these standards by implementing the necessary administrative, physical and technical safeguards as appropriate based on their assessments of risk. Compliance with these standards by the offices which support the Covered Components is limited to their activities that directly involve creation or receipt of ePHI in support of Covered Components and not activities related to services provided to non-covered areas of the university This security policy outlines minimum standards for ensuring the confidentiality, integrity, and availability of electronic protected health information (ePHI) received, maintained or transmitted by all UNIVERSITY HIPAA Covered Components (outlined in APS #5055 – HIPAA Hybrid Entity Designation), as well as other offices which support these entities (listed below as "Support Services"). Covered Components shall meet or exceed these standards by implementing the necessary administrative, physical and technical safeguards as appropriate based on their assessments of risk. Compliance with these standards by the offices which support the Covered Components is limited to their activities that directly involve creation or receipt of ePHI in support of Covered Components and not activities related to services provided to non-covered areas of the university
  
-=== Applicability of the  UCD Security Management HIPPA policy ===+=== Applicability of the UCD Security Management HIPPA policy ===
  
 While application of this policy to any sensitive data is considered "best practice" and should be considered by all areas of the UNIVERSITY when storing or transmitting such information, it is only mandated for those areas the UNIVERSITY has designated as HIPAA "Covered Health Care Components" (Covered Components). In addition to the Covered Components, offices that support such covered activities carried out by the Covered Components must also do so according to this policy. Certain data is specifically excluded from coverage under HIPAA, most importantly: (1) student records, except for student patient data (Family Educational Rights and Privacy Act (FERPA)) ; (2) employment records, except for health benefits records; and (3) information "de-identified" under HIPAA standards. While application of this policy to any sensitive data is considered "best practice" and should be considered by all areas of the UNIVERSITY when storing or transmitting such information, it is only mandated for those areas the UNIVERSITY has designated as HIPAA "Covered Health Care Components" (Covered Components). In addition to the Covered Components, offices that support such covered activities carried out by the Covered Components must also do so according to this policy. Certain data is specifically excluded from coverage under HIPAA, most importantly: (1) student records, except for student patient data (Family Educational Rights and Privacy Act (FERPA)) ; (2) employment records, except for health benefits records; and (3) information "de-identified" under HIPAA standards.
  
  
policy/data_privacy/privacy_and_security.1553889924.txt.gz · Last modified: 2019/03/29 20:05 by tonyromero