New HIPAA Breach/Incident Reporting System
Privacy/Security Tip # 1819-01
from the USF Health Professional Integrity Office
We are pleased to announce that we have a new HIPAA Privacy Breach/Privacy Incident Reporting System called PrivacyPro Solutions. This new reporting system will replace SharePoint for reporting all HIPAA privacy related breaches or incidents. We will disable access to SharePoint in the coming weeks as all new incidents should be reported in PrivacyPro Solutions effective today.
PrivacyPro Solutions
You should begin seeing posters for PrivacyPro in our clinics within the next week. Attached is a copy of the poster*. Utilizing PrivacyPro will save time in reporting an incident. If you have questions about HIPAA compliance or PrivacyPro, please contact the Professional Integrity Office Helpline at (813) 974-2222.
Access to Own Record in Epic Not Permitted
Privacy/Security Tip # 1819-02
from the USF Health Professional Integrity Office
Access to your own medical record within Epic is not permitted.* This change in our prior access policy was adopted to comply with minimum necessary requirements and to align with Tampa General Hospital’s access policy. As a reminder, use of inbasket messaging for personal health care needs is not permitted. A copy of the new policy is attached.
*Exception: If you are a USF Health credentialed provider you are permitted to access and document within Epic for self-treatment if self-treatment is permitted under your licensure.
Access to your own medical record should be through MyChart or Health Information Management. Please remember access to a family member’s medical record in Epic is not permitted unless your job function clearly requires such.
As a reminder, we monitor all access to Epic through our FairWarning system. Access outside a workforce member’s job role is subject to sanctions, up to and including termination.
If you have questions about HIPAA compliance or access please contact the Professional Integrity Office Helpline at (813) 974-2222.
New Process to Request a Business Associate Agreement
Privacy/Security Tip # 1819-03
from the USF Health Professional Integrity Office
There is a new process to request a Business Associate Agreement (“BAA”) using our new system called PrivacyPro Solutions.
The new link for requesting a BAA is: https://usf.privacyprosolutions.com/request/business_associate. A copy of how the form appears is attached and the new link above has also been placed on our old SharePoint site for ease of reference.
What is a Business Associate (BA)? A BA is a person or entity, including consultants and vendors, performing services/activities on behalf of USF Health that involves the access, use or disclosure of protected health information (PHI). USF Health can also serve as a BA on behalf of another entity.
Examples - A BAA most likely will be needed when a vendor:
- Creates, receives, maintains, or transmits PHI on our behalf (such as claims processing, data analysis, billing)
- Provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services (if such activity involves the use or disclosure of PHI)
- Stores, transmits, or maintains PHI on our behalf
- E-prescribing gateways and others who provide data transmission services (requiring access to PHI).
If there is any doubt whether a BAA is needed, please enter your request within PrivacyPro using the link above or call the Professional Integrity Office Helpline at (813) 974-2222 to discuss.