Policies & Procedures
P&P Home

Institutional Handbook of Operating Procedures (IHOP)

Table of Contents
Official Governance
General Administrative
Employee Related
Fiscal Related
Faculty Related
Compliance Related
Student Policies
Health, Safety and Security


About IHOP
Description of the IHOP Process
Committee Members
Goals of the IHOP Committee
Process Diagram


Policy Guidelines
Policy Definitions
Policy Template
Violation of Policy Paragraph
Understanding the CMS

Other Policies and Procedures

Departmental
Healthcare Epidemiology Policies

UTMB HANDBOOK OF OPERATING PROCEDURES

Section 6 Compliance Policies

Subject 6.2 Privacy

Policy 6.2.37 Reporting and Investigating Allegations of Privacy Violations

04/11/03 - Originated

10/08/07 - Reviewed w changes

- Reviewed w/o changes

Compliance Office - Author

Reporting and Investigating Allegations of Privacy Violations

Definitions

Disclosure means the release, transfer, provision of access to, or divulgence in any other manner, of information to any organization external to UTMB.

Use means, with respect to individually identifiable health information, the sharing, employment, application, utilization, examination, or analysis of such information within UTMB.

Policy

UTMB, in an effort to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), maintains that patient information must be kept private and confidential.

Any individual who believes the rights granted by the HIPAA privacy regulations or any other state or federal laws dealing with privacy and confidentiality have been violated may file a complaint regarding the alleged privacy violation.

All supervisors are responsible for enforcing this policy. Individuals who violate this policy will be subject to the appropriate and applicable disciplinary process, up to and including termination or dismissal.

Violation of this policy may result in disciplinary action up to and including termination for employees; a termination of employment relationship in the case of contractors or consultants; or suspension or expulsion in the case of a student. Additionally, individuals may be subject to loss of access privileges and civil and/or criminal prosecution.

Filing a Complaint With Institutional Privacy Office

Any privacy related complaint made by a patient, faculty member, employee, student, or volunteer at anytime must be forwarded to the Privacy Officer (PO) or to the Institutional Privacy Office (IPO), which is an office within the Institutional Compliance Program. Complaints may also be made anonymously by calling the Fraud, Abuse and Privacy Hotline (1-800-898-7679).

Procedure for Filing a Complaint

In addition to filing a complaint with the PO or IPO, individuals who believe a UTMB department, clinic or employee may have violated HIPAA privacy standards may file a complaint with the Department of Health and Human Services. The use and disclosure of PHI is permitted in this case.

Investigation of Complaints

Any privacy complaint made against UTMB shall be reported and investigated as described below.

If the complaint is made to the PO/IPO…

If the complaint is made to UTMB by HHS…

1) The PO may contact both Patient Services and the Information Security Officer (ISO) to aid in the investigation of the alleged patient privacy violations. In addition, Patient Services may be requested to assist in investigations regarding complaints made by patients, employees or other individuals.

2) In situations involving students, the PO shall notify the Student Affairs Officer of the investigation.

Simultaneously, the PO will request an investigation be undertaken by the ISO of any applicable information technology systems to determine if a breach of privacy has occurred whether the complaint is made by a patient, faculty member, employee, or student.

    Requests from HHS regarding an investigation by HHS must be forwarded to the UTMB Compliance Office which will coordinate UTMB’s assistance to HHS by:

    • Collecting and submitting all UTMB compliance records

    • Ensuring HHS access during normal

    business hours or, if HHS determines that serous circumstances exist, at any time and without notice, to UTMB facilities, books, records or other requested items

    • Assisting HHS with obtaining obtaining information that is in the exclusive possession of another entity, or the entity fails or refuses to furnish the information, certifying the efforts it made to obtain such information].

    Note: In cases involving UTMB-TDCJ offender patients, UTMB-TDCJ Hospital Administration will investigate privacy violations as requested by the PO.

Reference

45 C.F.R. §164.502(a)(2)(ii)

45 C.F.R. §160 Subpart C

Texas Health & Safety Code §181.103

     

UTMB | Search | Directories | Toolbox | News | Employment | Sitemap 
UT System | Reports to the State | Compact With Texans | Statewide Search
 
 This site published by Ruth Finkelstein for the Policies & Procedures Website.
Copyright © 2005 The University of Texas Medical Branch. Please review our Privacy Policy and Internet Guidelines.