What makes a medical release HIPAA compliant

A privacy breach could result in legal penalties even if you no longer work here. We know that medical records, whether paper or electronic, are confidential. What about handwritten notes and phone calls? All forms of information, whether written, spoken, or electronic, are confidential and must be protected. What should you do if another organization asks for access to patient information in your computer system? This access must be closely scrutinized first.

Hospital guidelines describe what information is confidential, including anything that could be used to identify a patient. Computer user IDs and access codes, payroll information, confidential memos, and many other documents are also considered confidential information. Put them in the locked shredder bin in your area. Make sure you always leave your work space free of paper PHI before you leave at the end of your shift.

Who is responsible if I "lend" my password to my co-worker and she uses it to look up information on a friend she's concerned about? Both of us have violated our organization's policy. I am ultimately responsible for having shared my password.

Each person must have his or her own user ID so that he or she can be held accountable for activity connected to that ID. What are some important rules for making up "good" passwords? Ones that are hard for someone else to guess? They should be at least six characters long; contain both numbers and letters; never be a real word or a significant number string; never be the name of a fictional character, a car model, or such.

Passwords "hidden" this way can be easily found. This is not taking reasonable care to keep your password secret. What should you do if a well-known staff physician says that he has lost his password but needs immediate access to his patient's lab results and asks you to look up that patient's records for him? But you should let the physician know you are not comfortable in doing this.

And you should report the incident to the security officer. Thus the physician can get his password restored, and you are on record for noting that the patient look-up was done at the physician's request. What should you do if your computer access doesn't let you see information you need?

Is it all right to ask a co-worker to share her password when the need is legitimate? You should talk to your manager and arrange for the necessary access. It is never permissible to use someone else's password. Unless it has been approved and virus-scanned, it may contain a virus or other malicious code that could infect your PC and others on the network. Loading software on PCs can also create issues with software necessary to do business, which could render the PC inoperable.

It is not in the interest of UToledo to utilize unlicensed software; this creates legal issues. Do I need the original copy, and do I need to get it notarized? Other special circumstances include: disclosing to the patient themselves, disclosing to the secretary of HHS Office for Civil Rights, incidental disclosures, National Priority Purpose disclosures, using PHI for a limited data set, and disclosures for fundraising.

Q: What is an authorization form, and when should I use one? Q: What goes in an authorization form? A: You must write the form in plain language and include the following parts: A description of the information that you will use or disclose and the purpose of it.

The name(s) or other identification of the person or class of persons authorized to request the use or disclosure of PHI. The name(s) or other identification of the person or class of persons authorized to receive the PHI. The authorization timeframe, including its expiration date.

If a representative is signing for the patient, they must describe their authority to do so. Whether or not your organization can make treatment, enrollment, or eligibility for benefits contingent upon the signed form and, if so, the consequences if the patient refuses to sign.

Q: How long does an authorization remain valid? Q: What can make the authorization defective? Q: Do I need the original copy to act upon it? Q: Do I need to notarize the signed form? Covered entities are not required to obtain consent from patients for routine disclosures for treatment, payment or healthcare operations, although some covered entities still choose to do so.

This provides them with an additional level of protection in the event of a privacy complaint or audit. Such authorizations detail when protected health information will be used by the covered entity, the entities to which that information will be disclosed, and the circumstances under which information will be used and disclosed.


