CIMRO
  • Home
  • Peer Review Services
    • Why Outsource?
    • Review Types
    • Peer Review Process
    • Peer Review Panel
    • Pricing
    • Department of Insurance
  • Why Choose CIMRO?
    • Our Physicians
    • Secure e-Messaging
    • Quality
    • Customer Service
    • Testimonials
    • Experience
    • Value
    • Integrity
  • About Us
    • Careers
    • Leadership
  • Contact Us
  • News
  • Reviewer Portal
  • 🔍 Search

Peer Review eNews

Confidentiality-Security Policy | Updated

11/28/2018

 
Picture
CIMRO takes very seriously our responsibilities as a Business Associate. The CIMRO Enterprise recently completed comprehensive review of its Confidentiality-Security Policy.
CIMRO PRs must conduct all peer reviews in accordance with the then-current confidentiality policy in accord with the PR subcontract and business associate agreement.
 
Though the confidentiality policy document itself is much more extensive, there are no substantive changes in how a PR must protect confidential information and the obligations as a Business Associate. 

  • The necessary administrative, physical and technical safeguards to protect confidential information must be taken and in place. 
  • No non-confidential, de-identified data resulting from activity funded by CIMRO, directly or indirectly, may be published in any manner without the prior written consent of the CIMRO CEO and compliance with the applicable regulations.
 
Below is a portion of the Definitions and Descriptions section from the confidentiality policy as a refresher:

  1. WHAT IS CONFIDENTIAL INFORMATION?
For purposes of this Policy, Confidential Information means and includes, but is not limited to:
  • Protected Health Information (PHI), in any form or media whether electronic, on paper or oral;
  • Individually Identifiable Health Information (IIHI), in any form or media whether electronic, on paper or oral;
  • Personally Identifiable Information (PII), in any form or media whether electronic, on paper or oral;
  • Patient Identifying Information as that term is used in regard to Substance Use Disorder regulated by 42 CFR Part 2, in any form or media whether electronic, on paper or oral;
  • Computer or other electronic or non-electronic reports or records which are healthcare provider or reviewer and/or patient specific;
  • Healthcare provider or reviewer license numbers, Medicare/Medicaid provider numbers, reviewer identity, or other information from which their identity can be ascertained;
  • Information that explicitly or implicitly identifies an individual patient, practitioner or reviewer;
  • Quality review studies which identify patients, practitioners or institutions;
  • Related working materials, drafts, copies or other forms of the all of the above.

  1. WHAT IS PHI?
PHI is Individually Identifiable Health Information (IIHI) that is transmitted by electronic media (ePHI); maintained in electronic media; or transmitted or maintained in any other form or medium, whether electronic, paper or oral. Note that there are three types of IIHI that are excluded from the definition of PHI in the regulations, but none have application to the Enterprise. More often than not, the general term PHI is used, even though technically PHI and IIHI are not one and the same due to the three exceptions.

  1. WHAT IS IIHI?
IIHI is Individually Identifiable Health Information (IIHI). It is information, including demographic data, that relates to an individual’s past, present or future physical or mental health or condition; the provision of health care to the individual; or the past, present or future payment for the provision of health care to the individual and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.  IIHI includes many common identifiers (e.g., names, all geographic subdivisions smaller than a state (region, street address, city, county, precinct, zip code/equivalent geocode [some exceptions], all elements of dates [except year] for dates directly related to the individual [e.g., birth date, admission/ discharge dates, date of death, etc.], telephone numbers, fax numbers, e-mail addresses, social security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifier/serial numbers [including license plate numbers], web Universal Resource Locators [URLs], Internet Protocol [IP] address numbers, biometric identifiers [finger/voice prints], and full face photographic images).

  1.  WHAT IS PERSONALLY IDENTIFIABLE INFORMATION?
Personally Identifiable Information (PII), is generally defined to mean any information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified.
 
Should you have any questions or need another copy of the confidentiality policy, please contact us at peerreview@cimro.com or 217.352.1060 ext. 4201. 

Back to All News Stories

    Archives

    May 2023
    March 2023
    February 2023
    January 2023
    November 2022
    October 2022
    September 2022
    August 2022
    June 2022
    February 2022
    February 2021
    February 2020
    January 2019
    November 2018

    RSS Feed

    Picture

Address

CIMRO
2902 Crossing Court
​ Suite C

Champaign, IL 61822

Phone & Email

Tel 1-217-352-1060
Toll free 1-800-635-9407
Fax 1-217-352-1182
​info@cimro.com 

About

About Us
Careers
​Leadership
​Privacy Policy

Our Services

Independent Peer Review
Department of Insurance

Popular Pages

Contact Us
Careers
Peer Reviewer Portal
​Peer Review Services
  • Home
  • Peer Review Services
    • Why Outsource?
    • Review Types
    • Peer Review Process
    • Peer Review Panel
    • Pricing
    • Department of Insurance
  • Why Choose CIMRO?
    • Our Physicians
    • Secure e-Messaging
    • Quality
    • Customer Service
    • Testimonials
    • Experience
    • Value
    • Integrity
  • About Us
    • Careers
    • Leadership
  • Contact Us
  • News
  • Reviewer Portal
  • 🔍 Search