The purpose of this policy is to protect the privacy of patient-specific data files belonging to The Renal Network, Inc.
The dissemination to the public of patient specific data shall be in aggregate form. No individual data element or aggregate data shall be released which contains information that could identify the patient to the general public. Aggregate data disseminated to the public may, at the discretion of the Board of Trustees, be center or facility specific.
Dialysis and transplant facilities and centers may request and obtain information on their own patients which is patient specific as permitted by applicable law.
The Centers for Medicare and Medicaid Services (CMS) has final authority over the release of all data and must be consulted on requests for data of a sensitive nature. All data requests must follow the data release policy.
All patient specific hard copy information that comes into the Network office is contained in a locked drawer prior to processing. Once processed, hard copy data is filed in a locked filing cabinet. Hard copy data is retained in the Network office for two years at which time it is shredded and disposed of.
Computerized patient specific data are kept in password protected files. The file name is known only to authorized Network employees. Access to the computer requires an employee password.