MUSC Medical Links Charleston Links Archives Medical Educator Speakers Bureau Seminars and Events Research Studies Research Grants Catalyst PDF File Community Happenings Campus News

Return to Main Menu

Health Information Privacy, Security Week

April 9 - 15

by Mike Wheeler, Sharon Knowles, Julie Acker
and Melissa Altman
University, MUHA, UMA & CFC Privacy Officers
The landmark federal law ensuring health information is protected and secured turns two years old this week, which has been designated as Health Information Privacy and Security Week.
 
This week (April 9-15) coincides with the anniversary of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule implementation of April 2003 and HIPAA’s Security Rule implementation of April 2005. The privacy rule provides a federal law to protect privacy and confidentiality by preventing a release of an individual’s private health information while the security rule specifies requirements for protecting health information stored in an electronic format.
 
The theme of this week’s designation is “Protecting Patient Privacy, Building Public Trust.” By protecting our patient’s privacy, we also protect their dignity and, ultimately, protect their trust in our ability to provide quality health care. In addition, our MUSC Code of Conduct stresses the need to protect patient privacy by stating: “With regard to professional conduct, those acting on behalf of MUSC should practice confidentiality by protecting the integrity and security of MUSC information such as patient records.”  
 
The top 10 work practices you need to follow to ensure the protection of patient’s health information are:
1. Only access a patient’s medical record for treatment, payment, or health care operations purposes. Remember, our computerized (electronic) patient record systems have built-in audit capabilities that are reviewed on a weekly basis. In other words, each week, we randomly review which medical records were accessed.

2. Never share your computer access passwords. Also remember to log out of computerized record systems before you leave your computer terminal unattended.

3. When discussing health information in a waiting room or areas where others are able to hear your conversation, speak softly and never hold discussions in public places such as elevators, hallways or cafeterias.

4. Never leave a medical record unattended. This practice also includes other items that contain health information such as lab reports, a list of scheduled appointments, faxes, printed e-mails, etc. In addition, remember to close wallaroos  (a portable writing wall unit) containing patient information.

5. Turn your computer screen so a passerby cannot view a patient’s health information. If this is not possible, consider installing a privacy screen so only the person directly in front of the screen can view the information.

6. When disposing of patient information, ensure the information is properly shredded. Do not place patient information in a recycle bin.

7. Never leave a phone message about a patient’s health information with anyone but the person you are trying to reach or leave messages containing patient information on answering machines.

8. Inform your supervisor if you find patient information in an open trash container or recycle bin.

9. Ensure you complete both Privacy and Information Technology Security training prior to accessing any patient health information.

10. Report anyone you see violating privacy or security rules to your supervisor, a privacy officer or the confidential hotline at 1-800-296-0269 (Toll-free, available 24 hours, 7 days a week).

Did you know...
  •  All employees who are admitted to this hospital have their record audited on discharge to ensure that no unauthorized person viewed their information.
  • Looking at a spouse or significant other’s protected health information (information in Oacis or Practice Partner, etc) without prior written permission is a HIPAA violation and subject to disciplinary action.
  • More than 300 audits were done on employee records last year.
  • You need prior written authorization to view the protected health information (PHI) of your child 16 years or older, regardless of who is guarantor for the insurance/medical bill.
  • Three employees were terminated during the past year for unauthorized viewing of patient information.
  • Request an audit of your protected health information in Oacis or Practice Partner by contacting Sharon Knowles at the HIPAA Compliance Office (792-4037) or e-mail knowles@musc.edu.



   

Friday, April 14, 2006
Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Island papers at 849-1778, ext. 201.