KUMC Use of and Safeguards for Protected Health Information by The University of Kansas Medical Center (KUMC) Internal Business Support
The purpose of this document is to outline the permitted uses and disclosures of, and the required safeguards for, protected health information held by KUMC personnel providing business support functions to other units within the Health Care Component.
KUMC personnel providing business support functions to other units within the Health Care Component.
KUMC is committed to protecting the privacy and security of individually identifiable health information obtained in the course of providing clinical care, in accordance with the HIPAA Privacy Rule and the HITECH regulations. KUMC has designated certain units of campus that function in whole or in part as health care providers as its Health Care Component under HIPAA. KUMC has also designated certain entities as Affiliated Covered Entities.
Certain other individuals or units of campus provide business support functions for or on behalf of the health care units within the Health Care Component or Affiliated Covered Entities (“Internal Business Support Persons”). These individuals or units are part of the Health Care Component when providing those support services. All units included within the Health Care Component, including those providing business support functions, must comply with the relevant requirements of the HIPAA Privacy Rule.
Members of the university community who are found to have violated this policy, are subject to disciplinary actions appropriate to their status as faculty, staff, student employees, or students.
KUMC Privacy Official 913-588-0940
Disclosure: The release, transfer, provision of access to, or divulging in any manner of PHI by an individual within the HCC or ACE with a person or entity outside the HCC or ACE.
HITECH: The Heath Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to promote the adoption and meaningful use of health information technology.
Internal Business Support Personnel: An individual or unit of the KUMC campus that provides business support functions involving PHI for other campus units that function as health care providers, both of which have been designated as part of the KUMC HCC or that provides business support functions involving PHI for an ACE.
KUMC Affiliated Covered Entity (“KUMC ACE”): Legally separated covered entities under common ownership or control and designate themselves as a single covered entity for purposes of complying with HIPAA.
KUMC Health Care Component (“KUMC HCC”): Those units of KUMC that have been designated by part of its health care component under HIPAA.
Unit: A unit of the KUMC campus that has been designated as part of the KUMC Health Care Component.
Protected Health Information (“PHI”): Health information that is “individually identifiable” and is transmitted or maintained in any form or medium, including electronic, paper and oral.
Use: The sharing, employment, application, utilization, examination, or analysis of PHI by an individual within the KUMC HCC or the KUMC ACE
05/06/2016: Removed Date Last Reviewed