1 / 11

Top 10 HIPAA Do’s and Don’ts

Top 10 HIPAA Do’s and Don’ts. Office of Graduate Medical Education Loyola University Medical Center. Page 1. #1 Photos & Images. Photographic images of patients are strictly prohibited absent written authorization.

vmcphail
Download Presentation

Top 10 HIPAA Do’s and Don’ts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Top 10 HIPAA Do’s and Don’ts Office of Graduate Medical Education Loyola University Medical Center Page 1

  2. #1 Photos & Images • Photographic images of patients are strictly prohibited absent written authorization. • There are specific consents for taking photos of patients i.e. marketing, quality, educational • Haiku app

  3. #2 Disposal of PHI • Anything with any patient identifier must be properly disposed (i.e., shredded) of as well as safeguarded when in use. • Not OK in regular trash or recycling • Paper must be put in shredding bins • IV bags & specimen containers must have identifiers blackened out with a marker before going into the trash • This includes signouts/ patient/ lists, etc

  4. #3 Accessing PHI • It is not permissible to access your own medical record or that of a friend, spouse, child or relative. • You must follow our release of information polices. You may obtain your record by contacting medical records on signing up for MyLoyola.

  5. #4 Secure Messaging • Texting or Paging PHI is prohibited. This is not a secure way to transmit patient information.

  6. #5 Storage of PHI • PHI should not be stored on unencrypted devices. i.e. flash drive, laptop, iPhone

  7. #6 Social Media • Do not post PHI on Social Media. • (Ex. Facebook, Twitter, Instagram) • Images and information related to patients and LUHS business may not be shared unless specific pre-approval and signed patient consent was received.

  8. #7 Emails • Any emails containing PHI that are being sent outside of the @lumc.edu, @luhs.org or @trinity-health.org must be encrypted.

  9. #8 Verbal Discussions • Be sensitive to where you are having conversations about patients’ medical information • We must never discuss any patient information outside of the hospital and should only share information internally with those that need to know to continue the care of the patient or complete a job related assignment or duty.

  10. #9 Safeguarding PHI • Paper/Hard copies are locked and out of view • Individuals that aren’t directly handling information to fulfill a job duty should not have access at any time • Computer screens/monitors/white boards can’t be viewed by unauthorized persons • Fax machines, copiers, printers in secure locations • Transportation of PHI in locked trunk of car

  11. #10 Reporting • All HIPAA violations or suspected violations must be reported to the • Organizational Integrity Department (69460) • PD • GME (7-4GME)

More Related