It is USC’s policy to monitor compliance with HIPAA policies and to mitigate, to the extent practicable, any harm resulting from inappropriate access to, acquisition of, use of, or disclosure of protected health information.
USC shall comply with breach notification requirements under federal and state laws, including the HIPAA privacy and security regulations and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) Regulations.
This policy describes when it is appropriate to permit a patient to access his or her Protected Health Information and the procedures to follow when approving or denying a patient request to access his or her Protected Health Information.
It is USC’s policy to provide education to its faculty, staff, students and other employees or volunteers who use, disclose or access Protected Health Information as part of their job responsibilities at USC.
In accordance with the HIPAA Security Rule, USC maintains a HIPAA security risk analysis and management program to assess and prioritize risks to the confidentiality,
integrity and availability of Protected Health Information (PHI) and to respond, accept or remediate as appropriate.
USC will consider requested restrictions. However, except in the limited circumstances described below, USC has no obligation to agree to any such request, nor is it required to cite a reason for refusing to do so.
This policy describes the process for responding to a patient’s request for an accounting of disclosures of his or her Protected Health Information.
Except as set forth below, the University of Southern California (USC) recognizes the right of a patient to request an amendment to his or her Protected Health Information or a record about a patient maintained by USC in a “Designated Record Set.”
It is USC’s policy to provide a process for individuals to make complaints regarding USC’s compliance with the Privacy Rule.
It is USC’s policy to accommodate a reasonable request by a patient to receive communications of Protected Health Information from USC by alternative means or at alternative locations, provided the procedures for requesting such accommodations as set forth below, are followed.
Keck Medicine of University of Southern California (Keck) recognizes that federal and California law require that Protected Health Information receive the highest level of access control and security protection in order to safeguard the confidentiality and protect the patients’ right to privacy of such information consistent with USC’s privacy policies.
Federal and state regulations govern the protection of human subjects in research. While these regulations provide for some patient confidentiality protections, the HIPAA Privacy Rule adds additional privacy protections for human subjects and establishes the conditions under which protected health information (“PHI”) may be used or disclosed
by the University of Southern California (USC) for research purposes.
USC recognizes that federal and California law require that certain categories of patient’s Protected Health Information receive additional privacy protections.
A patient’s “Personal Representative” is the person who has the authority, under California law, to make health care decisions on behalf of the patient. Although there are exceptions, in general a person who has the capacity to make his or her
own health care decisions does not have a Personal Representative.
University of Southern California (USC) is permitted to use and disclose an individual’s Protected Health Information for treatment, payment and health care operations, provided: USC gives patients a Notice of Privacy Practices (Notice), which
describes the ways in which USC may use patients’ PHI; USC makes a good faith effort to obtain written acknowledgement of receipt of the Notice; and USC only uses and releases the minimum amount of health information necessary when doing so for payment or healthcare operations purposes.
The University of Southern California (USC) ensures that its business associates protect patients’ right to privacy consistent with USC’s obligations under federal and state law and USC’s privacy policies.
Purpose is to ensure that the maintenance of the facility directory at University of Southern California is in accordance with the HIPAA privacy regulations.
The University of Southern California (USC) is required to give all patients a Notice of Privacy Practices (Notice), which explains i) the ways that USC may use and release their health information; and ii) describes the patients’ rights with respect to their health information.
The University of Southern California (USC) may use or disclose de-identified health information without obtaining a patient’s authorization.
USC may use or disclose PHI for treatment, payment and health care operations without an individual’s authorization in accordance with USC HIPAA Policy CLIN – 201 and USC’s Notice of Privacy Practices, provided the individual has acknowledged receipt of USC’s Notice of Privacy Practices or USC has made good faith efforts to obtain the individual’s acknowledgement of receipt.
The University of Southern California (USC) may use and disclose an individual’s Protected Health Information (PHI) only pursuant to a written Authorization of the
patient or the patient’s Personal Representative with the following exceptions.
USC receives and collects Restricted Information, as defined below, from and about students, faculty and staff employees, patients, and business partners, among others, in order to provide academic and clinical services and/or to conduct business operations. USC will use, store and transmit “Restricted Information” responsibly and in compliance with federal and state laws and regulations.
California law designates USC employees with certain positions as “mandated reporters” (defined below and in Appendix A).
USC encourages the creation of repositories (sometimes called biorepositories, registries, banks, or libraries) that provide access, for use in future research, to data and human biospecimens.
The purpose of this policy is to: Support USC’s standard of maintaining a culture of ethics in its business relations and to minimize conflicts of interest and the appearance of impropriety in our relationships with pharmaceutical companies, biotechnology companies, device and medical equipment manufacturers and other healthcare suppliers (“Industry”).