HIPAA RES-301 Uses and Disclosures of Protected Health Information for Research Purposes

Federal and state regulations govern the protection of human subjects in research. While these regulations provide for some patient confidentiality protections, the HIPAA Privacy Rule adds additional privacy protections for human subjects and establishes the conditions under which protected health information (“PHI”) may be used or disclosed
by the University of Southern California (USC) for research purposes.

HIPAA CLIN-201 Use of Protected Health Information for Treatment Payment and Health Care Operations

University of Southern California (USC) is permitted to use and disclose an individual’s Protected Health Information for treatment, payment and health care operations, provided: USC gives patients a Notice of Privacy Practices (Notice), which
describes the ways in which USC may use patients’ PHI; USC makes a good faith effort to obtain written acknowledgement of receipt of the Notice; and USC only uses and releases the minimum amount of health information necessary when doing so for payment or healthcare operations purposes.

HIPAA GEN-103 Public Policy Disclosures

USC may use or disclose PHI for treatment, payment and health care operations without an individual’s authorization in accordance with USC HIPAA Policy CLIN – 201 and USC’s Notice of Privacy Practices, provided the individual has acknowledged receipt of USC’s Notice of Privacy Practices or USC has made good faith efforts to obtain the individual’s acknowledgement of receipt.

Data Privacy Policy

This policy represents USC’s commitment to respecting and protecting the privacy of its students, patients, faculty, staff, research subjects, and anyone from whom USC Personnel collect or receive Personal Information. The University is also committed to protecting the privacy of Personal Information within its direct and indirect control in a manner consistent with applicable laws, regulations, and University policies, procedures, and principles.

Protection of Social Security Numbers and Other Restricted Information

USC receives and collects Restricted Information, as defined below, from and about students, faculty and staff employees, patients, and business partners, among others, in order to provide academic and clinical services and/or to conduct business operations. USC will use, store and transmit “Restricted Information” responsibly and in compliance with federal and state laws and regulations.

Relationships with Industry

The purpose of this policy is to: Support USC’s standard of maintaining a culture of ethics in its business relations and to minimize conflicts of interest and the appearance of impropriety in our relationships with pharmaceutical companies, biotechnology companies, device and medical equipment manufacturers and other healthcare suppliers (“Industry”).