Kern Medical New Associate Orientation Guide
Keeping PHI Secure
The Do’s and Don’ts
Do’s
• Access medical records only as necessary to carry out the duties of your job.
• Access, carry, discuss and disclose minimum necessary PHI.
• Always confirm fax number is correct and use a cover sheet.
• Always lock computer when you step away, even for just a few moments; keep computer screens turned away from others’ view.
• The only PHI that may be used in the subject line or body of an email when sending externally is the MRN and patient initials.
  o Emails sent within Kern Medical may have PHI in attachment.
• Use the proper disposal bins when disposing of PHI.
• Always do the right thing and report any concerns!
• If you see something, say something!
Don’ts
• Never discuss PHI in public or within earshot of others.
• Never share passwords.
• Never post passwords on/near your computer, device or work area.
• Never post patient PHI on social media or anywhere!
• Never access medical records for personal benefit or curiosity. This includes your own medical record and the medical records of your family.
• Do not carry PHI on you unless necessary for your job duties – you are responsible for the security of PHI at all times.
• Do not email PHI to/from an external email account unless it is in accordance with your job duties.
  o Check with IT and your supervisor before emailing PHI outside Kern Medical.
• Never disclose PHI to anyone unless patient has given written authorization to do so, AND you have verified the recipient’s identity.
• Never leave any PHI unattended anywhere.