HIPAA Privacy and Security of Patient Information

  • Protected health information (PHI) specifically identifies a patient using any type of identifier even if the patient’s name is not used (demographic, medical, photographic and financial).
  • PHI may be used, disclosed or accessed when performing your job responsibilities, which may include treatment, payment or operations, as required by law.​

Behaviors Designed to Prevent Accidental Disclosure of PHI Include:

  • Do not talk about patients in public areas (lobby, elevator, hall, cafeteria, restroom).
  • Turn computer screens away from public areas.
  • Do not access patient information using another person’s password.
  • Do not stay logged in at an unattended computer.
  • Always ask the patient at each encounter for permission to share PHI in front offamily and visitors, and document in the progress note.
  • Be discreet when speaking with patients and family members.
  • Do not use personal devices (cell phones, PDAs) to take and transmit photographsof a patient.
  • Do not text PHI. Texting is not a secure method of communication.
  • When sending emails, include the word “encrypt” in the subject line of the email
  • Do not send patient information to your personal email account.
  • Never share your sign-on/password.
  • Retrieve printed emails and attachments that contain PHI as soon as possibleafter printing.
  • Double check all printed information handed to the patient (prescriptions, visitsummary) to be certain it is the correct patient.