| It is the responsibility of all Marshfield Clinic Health System employees, volunteers, and affiliates to protect and properly use or disclose confidential information belonging to, or used by, Marshfield Clinic Health System, its contractors, affiliates, clients or other applicable individuals and organizations. Confidential information includes certain clinical, financial, or demographic information about an individual, or sensitive information about, belonging to, or used by Marshfield Clinic Health System or institutions. Protected Health Information (PHI), Social Security Numbers, credit card information (card numbers, PIN, security code), banking account/routing information, MCHS personnel data, MCHS trade secrets and proprietary data, and MCHS internal research data. PHI is protected by the Health Insurance Portability and Accountability Act (HIPAA). The following individually identifiable data elements, when combined with health information about that individual, make such information protected health information (PHI): - Name
- Address (all geographic subdivisions smaller than state, including street address, city county, and zip code)
- All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)
- Telephone number
- Fax number
- Email address
- Social Security Number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/License number
- Any vehicle or other device serial number
- Web URL
- Internet Protocol (IP) address
- Biometric identifier, including finger or voice print
- Full face photographic image
- Any other unique identifying number, characteristic, code, or combination that allows identification of an individual.
I, the undersigned, agree to the following: - I will access/use/store/process/transmit confidential information appropriately when it is part of my position responsibilities, and for which I have a permissible purpose to do so.
- I will access/use/store/process/transmit only the minimum confidential information necessary to carry out the relevant function.
- I will not store or transport confidential information, outside of the MCHS secure systems using any mobile devices such as a laptop, pad device, phone, portable stick drive or another personal external drive, device, or cloud storage without authorization. If authorized, the device/service must also utilize an authentication method (password, biometric, two-factor authentication, etc.) and encryption as required by policy.
- I will implement, maintain, and comply with the appropriate safeguards for confidential information as defined by Marshfield Clinic Health System.
- I will not transmit any confidential information to anyone outside MCHS unless the receiver of the information is authorized to receive such information, has signed an MCHS Confidential Information Agreement, Business Associate Agreement, or similar contract or agreement. That standard applies to the information sent from the MCHS system is protected appropriately according to policy requirements (encrypted, password protected, depending on the type of data), or if not protected, is de-identified of all confidential information.
- I will not access/use/store/process/transmit confidential information or attempt to do so if it is outside the scope of my position responsibilities.
- I will protect MCHS confidential information from unauthorized access, disclosure, transmission, alteration, and destruction.
- I will report any breach or unauthorized disclosure, alteration, or destruction of confidential information to my supervisor and the Privacy Officer immediately upon discovery. If the breach or unauthorized disclosure is due to a technical security event, I understand that I must immediately notify the MCHS Compliance Officer immediately upon discovery. I understand that any violation of this Confidential Information Agreement may be grounds for revocation of access to this information, sanction under applicable MCHS Policy, and disciplinary action up to and including termination of employment, and/or criminal or civil penalties.
If you have questions about the acquisition, access to, use of or disclosure of your data in REDCap or about the Marshfield Clinic Health System Confidential Information Agreement, please contact the REDCap Administrator at 715-221-6424 or birc_redcap_support@marshfieldresearch.org |