Page 39 - Privacy_Program
P. 39

MINIMUM COLLECTION AND USE [DP140]
        Back to Table of Contents


        Scope: Enterprise
        Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; Directors, Managers and
        Supervisors; All Services and Programs Employees; and Other Employees with Access to Protected Health Information and Other
        Privacy‐Restricted Participant Information (includes Contractors, temporary employees and Interns)
        Purpose: To limit the collection and use of Protected Health Information and Other Privacy Restricted Participant Information to
        what is needed by the organization for its stated purposes.
        External Regulation or Standard: GAPP Principle 4: Collection, and 5: Use and Retention


        Who is Responsible     Statement    Policy, Standard, or Procedure Statement
                                Number
        Chief Services and       DP140.1    The organization's methods of collecting Protected Health Information (PHI) or
        Programs Officer;                   Other Privacy Restricted Participant Information (PRPI) will be reviewed by
        Director of Information             S&P Chiefs, Directors and Managers as well as the Director of Information
        Technology, Privacy                 Technology, Privacy and Data Security before they are implemented to
        and Data Security; S&P              confirm that information is obtained fairly, without intimidation or deception,
        Directors, Managers                 and lawfully relating to the collection of personal information.
        and Supervisors

        Employees with Access    DP140.2    The collection of PHI and other PRPI is limited to that necessary for the
        to Protected Health                 purposes identified in the applicable privacy notice.
        Information (PHI) and
        Other Privacy‐ Restricted
        Participant Information
        (PRPI)

        Executive                DP140.3    The organization will ensure that third parties from whom the organization
        Leadership Team;                    collects PHI and other PRPI are reliable sources that collect information fairly
        Director of                         and lawfully.
        Information
        Technology, Privacy
        and Data Security;
        Directors, Managers
        and Supervisors
        Employees and others     DP140.4    The organization will use PHI and other PRPI only for the purposes identified in
        with Access to PHI and              the applicable privacy notices and only if the participant has provided implicit
        other PRPI                          or explicit consent, unless a law or regulation specifically requires otherwise.





















         GES CONFIDENTIAL                                                                                    33
   34   35   36   37   38   39   40   41   42   43   44