Faculty, staff, Residents, and students are reminded of their professional obligation to protect private patient information. All use of computer based patient information must be in compliance with HIPAA guidelines. Logging into a patient’s HIPAA protected record and then leaving the computer unattended thereby allowing unauthorized individuals to have access is a violation of HIPAA and will result in loss of access privileges.
Faculty, staff, Residents, and students must insure that they keep their axiUm and their network password secure. Absolutely no one should have access to another individual’s access information. Failure to secure this information is a violation of HIPAA and will result in loss of access privileges.
Faculty, staff, Residents and students use of clinical patient photographs is acceptable for educational purposes. All patient-related identification must be removed from the photographs and as well as from the file names of the image documents. Full-face images must have the eyes blocked out sufficiently to prohibit patient identification, unless the patient has specifically signed a document releasing the right to use such images.
Note: Pacific has acquired and deployed a large secure email attachment system from Accellion. Accellion Secure File Sharing allows you to share files securely with recipients both inside and outside of the University. Read More about Accellion ›>
Faculty, staff, residents, and students must not store protected patient information on individual computers, hard drives, jump drives or mobile electronic devices, or in printed media or cloud storage. This applies to devices on or off campus. All protected patient information storage must occur only on University servers using software and locations specifically designated by IT for this purpose. Failure to adhere to the policies in this paragraph places private patient information at risk HIPAA violation and will result in loss of data access privileges.
Students may store their patient names and phone numbers, for their assigned patients, on non-server devices for use in after-hours contact of patients for scheduling purposes. In this case the patients’ last names should be abbreviated as much as possible to minimize the chance of patient identification by non-SDM personnel.