Third Party Integrity and Accountability Code

We focus on integrity in all we do. Our Third Parties are a vital part of how we achieve our mission, and we must work together to do the right thing in all of our dealings. When working with us or on our behalf, we expect you to perform at the highest standard of business…

Single-use Plastics Elimination – Beverage Bottles

The purpose of this university-wide policy is to eliminate Single-use Plastic Beverage Bottles from campus and medical enterprise operations. By shifting procurement practices, prioritizing reuse and increasing waste diversion and reduction measures, over the next few years, USC intends to transition away from all Single-Use Plastic Beverage Bottles on campus and reach its zero waste goals.

Clery Policy

The requirements in this policy are designed to facilitate USC’s compliance with the “Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act of 1998,” (the “Clery Act”). The Clery Act requires USC to disclose specified crime report statistics on and near its campuses, to provide other safety and crime information to the campus community in an accurate, complete, and timely manner, and to maintain written policies and procedures implementing the Clery Act.

USC Event, Gatherings and Tailgate Fencing Policy

The university uses fencing of various heights to create a barrier or barricade to control the flow and capacity at an event. Fencing is also required when serving alcoholic beverages by the Department of Alcoholic Beverage Control (ABC) and Los Angeles Police Department (LAPD), the latter of whom signs off on ABC service permits.

USC Athletics Student-Athlete Name, Image, and Likeness (NIL) Policy

The vision of USC is to have the most student-athlete centered athletics program in the nation. In alignment with that vision, we support the ability of our student-athletes to earn compensation from third parties for the use of their name, image, and likeness (“NIL”), consistent with this Policy and California’s Fair Pay to Play Act.

HIPAA PAT-607 Mitigations and Sanctions

It is USC’s policy to monitor compliance with HIPAA policies and to mitigate, to the extent practicable, any harm resulting from inappropriate access to, acquisition of, use of, or disclosure of protected health information.

Gift Acceptance and Campaign Counting

All university employees and volunteers must adhere to this policy, which also acts as a guide for prospective donors and their advisors, providing assurance that all donors are treated equitably.

Fundraising Coordination

The generosity of alumni, friends, grateful patients, corporations and foundations plays a vital role in supporting USC’s mission of excellence.

International Collaborations and Export Controls

USC engages in a variety of activities related to research, instruction, healthcare, student outreach, and other strategic partnerships and affiliations that may create obligations under United States export control regulations, the Foreign Corrupt Practices Act (FCPA), and economic and trade sanctions regulations.

Protection of Social Security Numbers and Other Restricted Information

USC receives and collects Restricted Information, as defined below, from and about students, faculty and staff employees, patients, and business partners, among others, in order to provide academic and clinical services and/or to conduct business operations. USC will use, store and transmit “Restricted Information” responsibly and in compliance with federal and state laws and regulations.

University Sponsored Advertising and Sponsorships

To protect and present an appropriate and consistent image, the university restricts the advertising of, or sponsorship agreements involving, certain products and services.

HIPAA PAT-608 Breach Notification

USC shall comply with breach notification requirements under federal and state laws, including the HIPAA privacy and security regulations and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) Regulations.

HIPAA PAT-601 Access to Protected Health Information

This policy describes when it is appropriate to permit a patient to access his or her Protected Health Information and the procedures to follow when approving or denying a patient request to access his or her Protected Health Information.

HIPAA Privacy Rule: Education of Covered Workforce

It is USC’s policy to provide education to its faculty, staff, students and other employees or volunteers who use, disclose or access Protected Health Information as part of their job responsibilities at USC.

HIPAA CLIN-207 Security Risk Analysis and Management

In accordance with the HIPAA Security Rule, USC maintains a HIPAA security risk analysis and management program to assess and prioritize risks to the confidentiality,
integrity and availability of Protected Health Information (PHI) and to respond, accept or remediate as appropriate.

HIPAA PAT-604 Patient Requests to Restrict Uses and Disclosures of Protected Health Information

USC will consider requested restrictions. However, except in the limited circumstances described below, USC has no obligation to agree to any such request, nor is it required to cite a reason for refusing to do so.

HIPAA PAT-603 Accounting of Disclosures of Protected Health Information

This policy describes the process for responding to a patient’s request for an accounting of disclosures of his or her Protected Health Information.

HIPAA PAT-602 Patient Requests to Amend Protected Health Information

Except as set forth below, the University of Southern California (USC) recognizes the right of a patient to request an amendment to his or her Protected Health Information or a record about a patient maintained by USC in a “Designated Record Set.”

Payment Card Industry Data Security Standards

The university is committed to compliance with the Payment Card Industry (PCI) Data Security Standard, a standard adopted internationally by the major credit card brands (e.g., Visa, MasterCard, Discover, and American Express) to protect credit card data, regardless of where that data is processed or stored (“PCI Standard”).

Human Anatomic Materials Procurement

USC is committed to ensuring that human anatomical materials used for academic purposes meet all applicable regulatory and safety requirements.

HIPAA PAT-606 Resolution of Patient Complaints

It is USC’s policy to provide a process for individuals to make complaints regarding USC’s compliance with the Privacy Rule.

HIPAA PAT-605 Patient Requests to Receive Confidential Communications

It is USC’s policy to accommodate a reasonable request by a patient to receive communications of Protected Health Information from USC by alternative means or at alternative locations, provided the procedures for requesting such accommodations as set forth below, are followed.

HIPAA CLIN-206 Minimum Security Standards for ePHI for Keck

Keck Medicine of University of Southern California (Keck) recognizes that federal and California law require that Protected Health Information receive the highest level of access control and security protection in order to safeguard the confidentiality and protect the patients’ right to privacy of such information consistent with USC’s privacy policies.

HIPAA RES-301 Uses and Disclosures of Protected Health Information for Research Purposes

Federal and state regulations govern the protection of human subjects in research. While these regulations provide for some patient confidentiality protections, the HIPAA Privacy Rule adds additional privacy protections for human subjects and establishes the conditions under which protected health information (“PHI”) may be used or disclosed
by the University of Southern California (USC) for research purposes.

HIPAA CLIN-203 Special Privacy Considerations

USC recognizes that federal and California law require that certain categories of patient’s Protected Health Information receive additional privacy protections.

HIPAA CLIN-202 Personal Representatives of Patients

A patient’s “Personal Representative” is the person who has the authority, under California law, to make health care decisions on behalf of the patient. Although there are exceptions, in general a person who has the capacity to make his or her
own health care decisions does not have a Personal Representative.

Biorepositories

USC encourages the creation of repositories (sometimes called biorepositories, registries, banks, or libraries) that provide access, for use in future research, to data and human biospecimens.

Designating Honorary Alumni

On occasion the university, the Alumni Association, or the dean of an academic unit wishes to acknowledge the extraordinary service or merit of an individual who has neither an earned degree from USC nor qualifies for an honorary degree.

HIPAA CLIN-201 Use of Protected Health Information for Treatment Payment and Health Care Operations

University of Southern California (USC) is permitted to use and disclose an individual’s Protected Health Information for treatment, payment and health care operations, provided: USC gives patients a Notice of Privacy Practices (Notice), which
describes the ways in which USC may use patients’ PHI; USC makes a good faith effort to obtain written acknowledgement of receipt of the Notice; and USC only uses and releases the minimum amount of health information necessary when doing so for payment or healthcare operations purposes.

HIPAA BUS-701 Business Associates

The University of Southern California (USC) ensures that its business associates protect patients’ right to privacy consistent with USC’s obligations under federal and state law and USC’s privacy policies.

HIPAA CLIN-204 Facility Directory

Purpose is to ensure that the maintenance of the facility directory at University of Southern California is in accordance with the HIPAA privacy regulations.

HIPAA CLIN-200 Notice of Privacy Practices

The University of Southern California (USC) is required to give all patients a Notice of Privacy Practices (Notice), which explains i) the ways that USC may use and release their health information; and ii) describes the patients’ rights with respect to their health information.