Professional Documents
Culture Documents
Why Does Privacy & Security Matter? Our Patients’ Trust Starts With You
Here at Texas Tech University Health Sciences Center El ONLY look at, discuss and/or use a patient’s PHI/e-PHI if
Paso we value our patients’ rights regarding their privacy you immediately need it to perform your job duty
and confidentiality.
• Under HIPAA it is against the law to access PHI or
Ensuring privacy and security of private health ask someone to access it for you - if you are not
information, including electronic medical records (EMR) is authorized or have no business purpose to see PHI to
a key component to building trust with our TTUHSC El directly perform your job duties
Paso patients. – even if you are trying to be helpful!!
If our patients lack trust in the physical or electronic If any other individual outside your department or
exchange of their information, it may negatively affect that TTUHSC El Paso is requesting PHI, you must first obtain
patient-provider relationship. a signed authorization from your patient (ROI) and keep it
on file
What exactly are we protecting?
• Every employee here at TTUHSC El Paso does not
• Protected Health Information (PHI) automatically have unrestricted access to all PHI
across the board. Protect PHI from TTUHSC El Paso
• Both Physical (PHI) and Electronic (e-PHI); and employees who are not authorized or do not have
• Private Information (PI) or Electronic Private any need to see a patient’s PHI to perform their job
Information (e-PI) duties
• Be discreet in your conversations or when discussing
Health Insurance Portability and PHI, especially in public areas.
Accountability Act - HIPAA (HSCEP OP 52.02)
• HIPAA ensures the protection of a patient’s health
Privacy of PHI
information and TTUHSC El Paso follows this federal • Don’t leave PHI where it is visible or accessible to
law to ensure the privacy and security of this PHI or e- public or other individuals out in the open
PHI
• Use Confidentiality Disclaimer on any fax coversheet
• PHI is at risk from YOU when you access this private
information (PI) outside of your job duties, save • PHI/e-PHI is “unsecured” if it is NOT:
unsecured/unencrypted PI onto portable devices, do 1. Encrypted (HSCEP OP 56.04) or 2. Destroyed
not have updated McAfee Anti-Virus protection on all
• Always lock your computer when you walk away from
devices or leave a device unsecured in the open,
it! No excuses!
visible to anyone
o Ctrl + Alt + Delete, then select “Lock
Information Privacy and Security Computer
There are Information Technology (IT) and o Windows Button + L, and the screen will lock
Compliance/HIPAA Policies and Procedures that have • Keep offices and workstations secured at all times
been implemented based on Federal and State laws and
regulations to provide a common framework for adopting
and deploying Privacy and Security resources within
Password Security
TTUHSC El Paso. • Do NOT ever share your passwords
o No one inside or outside our TTUHSC El
• Compliance Policies:
Paso system should ask for it – don’t give it
http://elpaso.ttuhsc.edu/compliance/
out!
• IT Security Policies: o Do NOT write your passwords down where
http://elpaso.ttuhsc.edu/it/ they can be found!
• HIPAA Violation Severity Levels and Corresponding • Make sure all PHI is stored only on Secured Servers
Disciplinary Actions: HSCEP OP 52.14 • If your password has been compromised, change it
immediately!
Ron Graham
Ron.Graham@ttuhsc.edu (915) 215-4040