Caring for Patients Means Protecting Their Privacy

Keeping patient information confidential is essential to excellent care. Patients expect that their protected health information (PHI) will be kept private. What’s more, failure to safeguard their PHI could cause them to question the quality of their health care. Under the Health Insurance Portability and Accountability Act (HIPAA), PHI violations can also result in professional sanctions and significant financial penalties.

Employees may be violating patient privacy without knowing. To comply with HIPAA and secure patients’ information, keep these privacy guidelines in mind:
 
1. Do not access records for a patient who is no longer under
your care because you are concerned about what has happened to him or her.
 
2. Do not post patient information on a social media site, even when
the posting is done on your own private Facebook page, Twitter account, etc.
 
3. Do not post or share pictures of your workload or paperwork on
your private social media site. Pictures can be enlarged to reveal
PHI on documents.
 
4. Do not post pictures of a Johns Hopkins patient on your private
social media site, even when the pictures are taken during your
nonwork hours.
 
5. Do not download PHI to an unsecured device (such as a laptop, iPad, cellphone, etc.) or desktop computer to make data more accessible for you to perform your job.
 
6. Do not check the medical record of a co-worker or friend because
you are concerned for his or her well-being.
 
7. Do not use a medical record to find an address or phone number for personal reasons.
 
8. Do not share your log-in ID and/or password.
 
9. Do not leave your computer unattended while you are logged into a system containing PHI.
 
10. Do not discuss information about a current patient with his or her
family member without authorization or without knowing that the
person meets the “involved in the patient’s care” standard.
 
To learn more, visit http://bit.ly/2ekElj