POLICY: CONFIDENTIALITY
POLICY NUMBER: HR-50
Effective Date: July 2002
Revisions: July 2006, June 2002
Responsible Officer: Senior Vice President of Human Resources
PURPOSE:
This policy was established to protect employees, medical staff, faculty members, students and patients against a breach of privacy and/or confidentiality.
I. POLICY:
The University protects the legal rights of employees, medical staff, faculty members, students and patients, against breach of confidentiality. Such information includes personnel and/or medical record data, salary and benefits information, peer review information, and other confidential statements and/or materials. Unauthorized accessing of medical records or other records (whether computerized or manual), divulging confidential information regarding a patient, medical staff member, faculty member, employee or student to an unauthorized third party, using confidential information for personal use, and/or inappropriately removing confidential information from organization premises are strictly prohibited and may result in disciplinary action, up to and including immediate termination. This policy is designed to limit exposure to allegations of breach of privacy and breach of the employees’ duty of confidentiality, as well as to protect against compromising patient care and the University’s reputation.
II. ELIGIBILITY:
This policy applies to all University faculty, employees, students and volunteers in any action undertaken in the name of, for the benefit of, or as part of their activity relative to the University.
III. GUIDELINES:
A. A healthcare organization’s duty to safeguard confidential information arises out of the privacy rights of patients, employees, faculty, students, medical staff, and others with whom there are relationships which impose special obligations. Among the types of information which raise special concern are: patient medical information, including medical condition, health status, treatment plans;
personnel transactions, including compensation adjustments, performance evaluations, disciplinary actions, grievance procedures, employee demographic information, employment agreements, benefit plan information; appointment schedules both medical and administrative; telephone access and usage records; security access control logs and parking control logs; student academic records; medical staff and faculty credentialing; peer review and quality review information; faculty appointment, promotion and tenure records; insurance and litigation information.
B. Several offices of the University administer functions that require handling of employee personal data, including Social Security numbers. Data concerning such personal information can be shared among offices of the University under a strict need-to-know basis. However, any information containing employee personal information can be shared with entities outside the University, including auditors, benefits providers, and governmental agencies, only with the specific approval of the head of the Human Resources Department.
Additional Information: Inquiries regarding this policy can be directed to the Human Resources Department.
