ColumbiaDoctors is the faculty medical practice of Columbia University Medical Center; it includes more than 1,700 physicians, dentists, and nurses in more than 230 specialties and subspecialties. ColumbiaDoctors is affiliated with NewYork-Presbyterian, the No. 1 hospital in the New York area and one of the top 10 hospitals in the nation, according to U.S. News & World Report.
Human Research Protection Office and IRBs
The mission of the CU IRB is to enhance and facilitate the ethical conduct of human subjects research conducted by Columbia, and by Columbia faculty, regardless of location. The CU IRB will perform this mission through its review of human subjects research, its educational and training initiatives, and its compliance oversight and quality improvement programs.
Media Authorization Form for Case Reports
The AAMC's Guidance on Patient Privacy and the Publication or Dissemination of Case Reports document should be reviewed.
Information Security Policies and Procedures
The Information Security Office (ISO), part of CUMC IT, facilitates all aspects of information security risk management at CUMC, with a particular focus on threat management and HIPAA compliance. This includes administration and enforcement of information security policies on campus. ISO also provides guidance to CUMC Schools and Departments regarding any information security concerns they may have.
US Department of Health and Human Services HIPAA Website
US Department of Health and Human Services Health Information Privacy website where you will find information for individuals, how to file a complaint, HIPAA information for professionals, contact information for the Office for Civil Rights.
Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Disposal of Protected Health Information
The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. See 45 CFR 164.530(c). This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information.
Record Retention Grid
The Greater New York Hospital Association (GNYHA) developed the attached comprehensive records retention grid including the related legal citation. Refer to the Columbia University Policy on Records Retention posted in the Administrative Policy Library for additional information.