UAMS ADMINISTRATIVE GUIDE
UAMS ADMINISTRATIVE GUIDE
NUMBER: 7.3.12
DATE: March 24, 2005
REVISION:
| SECTION: | INFORMATION TECHNOLOGY |
| AREA: | NETWORK SECURITY |
| SUBJECT: | DATA INTEGRITY |
SCOPE
UAMS Workforce with Access to Confidential Information, including Electronic Protected Health Information (ePHI), for any purpose.
DEFINITIONS
Confidential Information includes information concerning UAMS research projects, confidential employee information, information concerning the UAMS research programs, proprietary information of UAMS, and sign-on and password codes for access to UAMS computer systems. Confidential information shall include Protected Health Information.
Electronic Protected Health Information means individually identifiable health information that is:
· Transmitted by Electronic media
· Maintained in Electronic media
Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.
Protected Health Information (PHI) means information that is part of an individual’s health information that identifies the individual or there is a reasonable basis to believe the information could be used to identify the individual, including demographic information, and that (i) relates to the past, present or future physical or mental health or condition of the individual; (ii) relates to the provision of health care services to the individual; or (iii) relates to the past, present, or future payment for the provision of health care services to an individual. This includes PHI which is recorded or transmitted in any form or medium (verbally, or in writing, or electronically). PHI excludes health information maintained in educational records covered by the federal Family Educational Rights Privacy Act and health information about UAMS employees maintained by UAMS in its role as an employer.
To access any other terms or definitions referenced in this policy: http://hipaa.uams.edu/DEFINITIONS%20-%20HIPAA.pdf
POLICY
UAMS will implement appropriate data Authentication measures to protect the Integrity of Confidential Information, including ePHI, and to protect against improper and unauthorized alteration or destruction. Data Authentication measures will include a formal and documented electronic process to validate data Integrity and to verify that the data sent is identical to the data received.
REFERENCE
1) UAMS Information Security Policy 7.1.03