UTMB HANDBOOK OF OPERATING PROCEDURES
|
Section 6 Compliance Policies
Subject 6.2 Privacy Related
Policy 6.2.15 Use of Notice of Privacy Practices of PHI
|
04/11/03 - Originated
10/08/07 - Reviewed w/changes
Compliance Office - Author
|
Use of Notice of Privacy Practices of PHI
Definitions
|
Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium, including oral, written, and electronic.
Treatment, Payment, and health care Operations (TPO): Three core functions of providing health care to patients. Treatment involves the administering, coordinating and management of health care services by UTMB for its patients. Payment includes any activities undertaken either by UTMB or a third party to obtain premiums, determine or fulfill its responsibility for coverage and the provision of benefits or to obtain or provide reimbursement for the provision of health care. Health care Operations are activities related to UTMB’s functions as a health care provider, including general administrative and business functions necessary for UTMB to remain a viable health care provider. For more detailed definitions of TPO, see IHOP Policy 6.2.0, General Uses and Disclosures.
Prisoner/Offender: a person incarcerated in or otherwise confined to a correctional institution or other persons held in lawful custody.
|
Policy
|
UTMB, in an effort to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), maintains that patient information must be kept private and confidential.
An individual has a right to adequate notice of the uses and disclosures of PHI that may be made by UTMB, and of the individual’s rights and UTMB’s responsibilities with respect to PHI. UTMB is required to provide a notice of privacy practices document to all patients, as well as other individuals requesting a copy. Those persons who register or admit patients will be responsible for distributing a copy of the notice to all patients. UTMB is bound to adhere to the privacy practices outlined within its notice.
Violation of this policy may result in disciplinary action up to and including termination for employees; a termination of employment relationship in the case of contractors or consultants; or suspension or expulsion in the case of a student. Additionally, individuals may be subject to loss of access privileges and civil and/or criminal prosecution.
|
Requirement
|
UTMB must:
1. Provide the notice no later than the date of the first service delivery, including service delivered electronically (e.g. Telemedicine) to such individual.
2. Make a good faith effort to obtain an initial written acknowledgement of the receipt of notice from the patient and document the receipt of the Notice of Privacy Practices Acknowledgement Form in Patient Index System (PIDX) (English version and Spanish version);
3. Have the notice available at the service delivery site for individuals to take with them;
4. Post the notice in a clear and prominent location where it is reasonable to expect individuals seeking service from UTMB to be able to read the notice; and
5. Whenever the notice is revised, make the notice available upon request on or after the effective date of the revision.
|
Exceptions
|
Emergency Treatment: If UTMB is treating a patient during an emergency situation, UTMB does not have to provide a notice at the time of first service delivery. Instead, UTMB may provide the notice and obtain the written acknowledgement at the first time it is practical to contact the patient.
Prisoners: A prisoner receiving medical attention from UTMB does not have a right to receive a copy of the notice of privacy practices. However, UTMB must protect prisoners’ PHI.
|
Content of Notice
|
1. UTMB will provide an updated electronic version of the notice of privacy practices on its website.
2. UTMB may provide the notice to an individual by e-mail. If UTMB knows that the e-mail transmission has failed, a paper copy of the notice must be provided to the individual.
3. Provision of electronic notice by UTMB will satisfy the provision requirements if receipt of the notice by the individual is documented.
4. The individual who is the recipient of electronic notice retains the right to obtain a paper copy of the notice from UTMB upon request.
|
UTMB must document compliance with the notice requirements by retaining copies of the notices issued by UTMB and, if applicable, any written acknowledgement of the receipt of the notice or documentation of any good faith effort to obtain such written acknowledgment.
Those persons who register or admit patients will be responsible for distributing the notice to all patients and documenting the receipt of the Notice of Privacy Practices Acknowledgement Form in Patient Index System (PIDX). UTMB must also keep the original Notice of Privacy Practices Acknowledgement Form in the official medical record. If a written acknowledgement was not obtained from the patient, UTMB must document the reason for the failure to obtain the written acknowledgement on the Notice of Privacy Practices Acknowledgement Form. For example, failure may be that the patient refused to sign after being requested to do so.
|
Revisions to Notice
|
UTMB must promptly revise and make available its notice whenever there is a material change to the HIPAA Privacy Regulations. Material changes are changes to how UTMB can use or disclose PHI, changes to the individual’s rights, changes to UTMB’s legal duties, or other changes that affect the privacy practices stated in the notice. Except when required by law, a material change to any term of the notice may not be implemented prior to the effective date of the notice in which such material change is reflected.
|
References
|
45 C.F.R. §164.520