Physical Offsite Storage Guide
Overview
Physical offsite storage requires appropriate handling and protection of Stanford University’s physical records, including, but not limited to, paper records, audio tapes, video tapes, and photographs. The security of these items is particularly important when they contain High and Moderate Risk Data such as:
- Protected Health Information (PHI): Individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
  - Individually identifiable health information is information, including demographic data, that relates to:
    - the individual’s past, present or future physical or mental health or condition
    - the provision of health care to the individual
    - the past, present, or future payment for the provision of health care to the individual
    - the identity of the individual or for which there is a reasonable basis to believe it can be used to identify the individual
- Personally Identifiable Information (PII): Information that can be used alone or when combined with other PII to distinguish or trace an individual’s identity. Examples of PII include an individual’s name, social security number, address, phone number, credit card or bank account number.
Full policy below
Please review the full reference guide at the link below.
Best Practices
Roles & Responsibilities
SoM Originators/Initiators: Faculty and Staff
Penalties for non‐compliance: Potential financial penalties for non‐compliance with the Health Insurance Portability and Accountability Act (HIPAA) can be significant: up to $50,000 per violation, with an annual maximum of $1.5 million.
Policies & Regulations
- 3.15: Stanford Medicine Policy for the Removal and Transport of PHI
- DoResearch - Records Retention - Uniform Guidance, Administrative Guide Memos (AGM), and Other Regulations: https://doresearch.stanford.edu/topics/record-retention
Questions? Subject Matter Expert (SME) Contacts
For Physical Offsite Storage:
- University Privacy Office - https://privacy.stanford.edu/
- Procurement - Purchasing services
For Electronic Storage:
Document History
- Created: November 2016
- Last Updated URL Links: September 2022
- Author: Office of the Chief Risk Officer, University Privacy Office https://privacy.stanford.edu/
- Reviewed by: SME Contacts