The following terms are used in this policy.
Term |
Definition |
PHI |
Protected Health Information |
The Research Foundation of SUNY (RF) authorizes only those individuals who administer health insurance plans access and use of health information to the minimal extent necessary to accomplish their jobs. Health information is strictly confidential and should never be disclosed, nor confirmed to anyone who is not specifically authorized under the RF's policies or applicable law to receive the information.
Failure to adhere to state and federal law or Research Foundation policies and procedures regarding the confidentiality of protected information will be considered a breach of confidentiality and will result in the imposition of appropriate disciplinary actions.
Each member of the Research Foundation's affected workforce (those performing tasks authorized under Statement of Policy above) will be expected to review and sign a confidentiality agreement. This should occur upon hire/affiliation or assignment to authorized tasks. This signed statement will be maintained in the appropriate employee personnel file or, in the case of a workforce member who is not a Research Foundation employee, the file that is maintained for that individual.
Any and all breaches of confidentiality should be reported to the area/department supervisor. Failure to report a breach will be considered a violation of this policy. Investigation of a suspected breach of confidentiality should be done in concert with the institution's privacy official or his/her designee, in accordance with the policy on Disciplinary Action Regarding a Breach of Confidentiality of Protected Health Information (PHI).
The Research Foundation is responsible for providing job appropriate training to its workforce regarding:
Training material for the RF workforce will be available on the RF Training page.
The Research Foundation of SUNY (RF) is committed to protecting the privacy and confidentiality of health information of the population it serves.
This policy identifies the following responsibilities as assigned to those cited below.
Role |
Department/Unit |
Contact Information |
Comply with |
|
n/a |
Access and use of health information |
Individuals who administer health insurance plans |
n/a |
Policy Authorization |
Office of Administration and Human Resources |
(518) 434-7080 |
Below are related resources to carry out the policy or that provides other relevant information or instructions.
Resources |
Disciplinary Action Regarding a Breach of Confidentiality of Protected Health Information (PHI) |
Date |
Change History |
December 31, 2009 |
Repair Policy on Disciplinary Action Regarding a Breach of Confidentiality of protected Health Information (PHI) link. |
September 27, 2004 |
Revised Statement of Policy section to remove "Individuals who administer research projects with human subjects" as authorized to access health information. |
March 31, 2003 |
New Document |
Effective Date: April 1, 2003
Responsible Party: Office of Administration and Human Resources
Contact Information: (518) 434-7080
Feedback
Was this document clear and easy to follow? Please send your feedback to webfeedback@rfsuny.org.
Copyright © 2012 The Research Foundation for The State University of New York