Medical Student Guide to PHI

Plaza Medical Center uses paper records, a policy receiving special attention in
HIPAA and posing special challenges to protecting patient information. Paper
records can easily be left or dropped in public spaces. HIPAA provides for serious
punishment of this type of actions involving the government and your school.
Avoid this possibility by keeping patient information secure. This document was
prepared by a medical student sanctioned for a breach of PHI. Your career and
permanent record can be affected by such actions. Some schools terminate your
enrollment for some breaches.

What happens after a breach
After a breach, a risk assessment is conducted
and considers the following factors:
1. Nature and extent of PHI involved;
2. To whom the PHI may have been
disclosed;
3. Whether that PHI was actually acquired
or viewed; and
4. The extent to which the risk to the PHI
has been mitigated

What not to do
Dont use names in presentations.
Dont photocopy records.
Dont leave the hospital with records.
Remove identifiers from copies.
Dont access records unnecessarily.
Ensure all copies are put into secure
document bins at shift end.
No photographing.
Dont email any patient information.
Dont enter patient information into PDAs
or smart-phones.
Dont post to social media.
Dont talk about patients on elevators.
What will happen to you
Your school will be contacted.
The government will be notified.
Minimum fine of $100.
You will be sanctioned. Sanctions
include:
Verbal/written warning
Probation
Suspension
Transfer
Termination
Advocate to collegues when you notice risky behavior!