Kern Medical New Hire Guide 2024

Keeping PHI Secure The Do’s and Don’ts Do’s • Access medical records only as necessary to carry out the duties of your job. • Access, carry, discuss and disclose minimum necessary PHI. • Always confirm fax number is correct and use a cover sheet. • Always lock computer when you step away, even for just a few moments; keep computer screens turned away from others’ view. • The only PHI that may be used in the subject line or body of an email when sending externally is the MRN and patient initials. o Emails sent within Kern Medical may have PHI in attachment. • Use the proper disposal bins when disposing of PHI. • Always do the right thing and report any concerns! • If you see something, say something!

Don’ts • Never discuss PHI in public or within earshot of others. • Never share passwords. • Never post passwords on/near your computer, device or work area. • Never post patient PHI on social media or anywhere! • Never access medical records for personal benefit or curiosity. This includes your own medical record and the medical records of your family. • Do not carry PHI on you unless necessary for your job duties – you are responsible for the security of PHI at all times. • Do not email PHI to/from an external email account unless it is in accordance with your job duties. o Check with IT and your supervisor before emailing PHI outside Kern Medical. • Never disclose PHI to anyone unless patient has given written authorization to do so, AND you have verified the recipient’s identity. • Never leave any PHI unattended anywhere.

58