Membership Expense and Restrictions (Expenditures)

The purpose of this policy is to establish guidelines for payments and reimbursements for memberships.

Mandated Reporters

California law designates USC employees with certain positions as “mandated reporters” (defined below and in Appendix A).

Equipment Policy

To establish procedures for the management and control of equipment owned by or in the possession and custody of USC. This includes the acquisition, identification, recording, use, care,
maintenance, disposition, and reporting of U.S. government and contractor-owned equipment
held by the university. These procedures are established to comply with federal regulations with respect to government equipment for which the university is responsible and accountable.

Conflict of Interest and Commitment Policy

All employees are expected to adhere to the highest ethical standards in their professional and business practices. In order to meet these obligations, all faculty and staff should avoid conflicts of interest that may exist between outside activities and obligations to the university.

HIPAA PAT-604 Patient Requests to Restrict Uses and Disclosures of Protected Health Information

USC will consider requested restrictions. However, except in the limited circumstances described below, USC has no obligation to agree to any such request, nor is it required to cite a reason for refusing to do so.

HIPAA PAT-603 Accounting of Disclosures of Protected Health Information

This policy describes the process for responding to a patient’s request for an accounting of disclosures of his or her Protected Health Information.

HIPAA PAT-602 Patient Requests to Amend Protected Health Information

Except as set forth below, the University of Southern California (USC) recognizes the right of a patient to request an amendment to his or her Protected Health Information or a record about a patient maintained by USC in a “Designated Record Set.”

Payment Card Industry Data Security Standards

The university is committed to compliance with the Payment Card Industry (PCI) Data Security Standard, a standard adopted internationally by the major credit card brands (e.g., Visa, MasterCard, Discover, and American Express) to protect credit card data, regardless of where that data is processed or stored (“PCI Standard”).

Human Anatomic Materials Procurement

USC is committed to ensuring that human anatomical materials used for academic purposes meet all applicable regulatory and safety requirements.

Purchasing and Signature Authority

The purpose of this policy is to control the commitment of university funds, including purchasing and contracting activities.

Invoice Payments

When the purchase of goods and services is authorized by a purchase order, the supplier must provide an invoice for payment.

HIPAA PAT-606 Resolution of Patient Complaints

It is USC’s policy to provide a process for individuals to make complaints regarding USC’s compliance with the Privacy Rule.

HIPAA PAT-605 Patient Requests to Receive Confidential Communications

It is USC’s policy to accommodate a reasonable request by a patient to receive communications of Protected Health Information from USC by alternative means or at alternative locations, provided the procedures for requesting such accommodations as set forth below, are followed.

HIPAA CLIN-206 Minimum Security Standards for ePHI for Keck

Keck Medicine of University of Southern California (Keck) recognizes that federal and California law require that Protected Health Information receive the highest level of access control and security protection in order to safeguard the confidentiality and protect the patients’ right to privacy of such information consistent with USC’s privacy policies.

HIPAA RES-301 Uses and Disclosures of Protected Health Information for Research Purposes

Federal and state regulations govern the protection of human subjects in research. While these regulations provide for some patient confidentiality protections, the HIPAA Privacy Rule adds additional privacy protections for human subjects and establishes the conditions under which protected health information (“PHI”) may be used or disclosed
by the University of Southern California (USC) for research purposes.

HIPAA CLIN-203 Special Privacy Considerations

USC recognizes that federal and California law require that certain categories of patient’s Protected Health Information receive additional privacy protections.

HIPAA CLIN-202 Personal Representatives of Patients

A patient’s “Personal Representative” is the person who has the authority, under California law, to make health care decisions on behalf of the patient. Although there are exceptions, in general a person who has the capacity to make his or her
own health care decisions does not have a Personal Representative.

Injury and Illness Prevention

USC is committed to excellence in environmental health and safety stewardship on our campuses and in the larger USC community. This policy outlines safety responsibilities and requirements placed on all USC personnel (faculty, staff, students, contractors, and volunteers)—to support injury and illness prevention, maintain a safe and healthful workplace, and ensure individual and institutional compliance with relevant environmental health and safety regulations.

Weekday Football Game Protocol

These guidelines have been developed for the purpose of establishing the university’s expectations regarding the management of weekday football games.

Reporting Wrongdoing

USC requires faculty, staff, students, volunteers and others affiliated with the university to report suspicion of wrongdoing promptly to the proper authorities for investigation.

Designating Honorary Alumni

On occasion the university, the Alumni Association, or the dean of an academic unit wishes to acknowledge the extraordinary service or merit of an individual who has neither an earned degree from USC nor qualifies for an honorary degree.

Independent Contractors

The Internal Revenue Service requires the university to properly classify independent contractors. This policy and the accompanying independent contractor website (see below for link) identify the steps, documents and processes necessary to ensure proper classification of and subsequent payment to independent contractors.

HIPAA CLIN-201 Use of Protected Health Information for Treatment Payment and Health Care Operations

University of Southern California (USC) is permitted to use and disclose an individual’s Protected Health Information for treatment, payment and health care operations, provided: USC gives patients a Notice of Privacy Practices (Notice), which
describes the ways in which USC may use patients’ PHI; USC makes a good faith effort to obtain written acknowledgement of receipt of the Notice; and USC only uses and releases the minimum amount of health information necessary when doing so for payment or healthcare operations purposes.

HIPAA BUS-701 Business Associates

The University of Southern California (USC) ensures that its business associates protect patients’ right to privacy consistent with USC’s obligations under federal and state law and USC’s privacy policies.

HIPAA CLIN-204 Facility Directory

Purpose is to ensure that the maintenance of the facility directory at University of Southern California is in accordance with the HIPAA privacy regulations.

HIPAA CLIN-200 Notice of Privacy Practices

The University of Southern California (USC) is required to give all patients a Notice of Privacy Practices (Notice), which explains i) the ways that USC may use and release their health information; and ii) describes the patients’ rights with respect to their health information.

HIPAA GEN-105 Disclosures of Deidentified

The University of Southern California (USC) may use or disclose de-identified health information without obtaining a patient’s authorization.

HIPAA GEN-103 Public Policy Disclosures

USC may use or disclose PHI for treatment, payment and health care operations without an individual’s authorization in accordance with USC HIPAA Policy CLIN – 201 and USC’s Notice of Privacy Practices, provided the individual has acknowledged receipt of USC’s Notice of Privacy Practices or USC has made good faith efforts to obtain the individual’s acknowledgement of receipt.

HIPAA GEN-102 When to Obtain Authorizations

The University of Southern California (USC) may use and disclose an individual’s Protected Health Information (PHI) only pursuant to a written Authorization of the
patient or the patient’s Personal Representative with the following exceptions.

Recharge Centers

USC schools, academic departments and other university divisions (units) may establish a recharge center (RC) to provide goods and/or services to university activities, programs and organizations.

Relationships with Industry

The purpose of this policy is to: Support USC’s standard of maintaining a culture of ethics in its business relations and to minimize conflicts of interest and the appearance of impropriety in our relationships with pharmaceutical companies, biotechnology companies, device and medical equipment manufacturers and other healthcare suppliers (“Industry”).

Institutional Conflict of Interest in Research

The objective of this policy is to promote the highest ethical standards in the conduct of research in situations where institutional conflicts of interest (“ICOI”) may occur, and to determine those instances when an ICOI is unacceptable.