As a member of the workforce of Baptist Health who has received training under Baptist’s Compliance Plan, I accept responsibility to:
1. Take reasonable safeguards to protect patient information.
2. Participate in and complete all required training that is offered to me.
3. Be familiar with the policies and procedures that apply to me and my job.
4. Ask questions of my supervisor or Corporate Compliance when unsure of how HIPAA or Baptist Health’s policies and procedures apply to a situation or the performance of my job.
5. Access, use and disclose protected health information only as permitted by Baptist Health’s policies and necessary for my job classification. I will not access patient information for personal reasons; this includes my own information or that of my family/friends.
6. Protect patient privacy by not photographing, video/audiotaping a patient, visitor or another workforce member using a personal device, e.g., cell phone. I will only use a designated Baptist Health-owned device to photograph a patient after obtaining the patient’s consent.
7. Not post information or photographs about patients, visitors, or other workforce members on social-networking sites such as Facebook, Twitter, LinkedIn, YouTube, etc. in accordance with Baptist Health Social Media Policy.
8. Promptly, immediately upon discovery, report any first-hand knowledge that there has been a violation of HIPAA, Baptist Health’s Compliance Plan or an improper use or disclosure of protected health information.
9. Never share a password with another person; never allow another person to access information under my identity; never access information under another person’s identity; and always comply with Baptist Health’s access controls.
10. Not retaliate against a patient or workforce member who files a complaint or exercises rights permitted by HIPAA or Baptist Health’s policies.
11. Cooperate in surveys, assessments and investigations by Baptist Health seeking information about compliance with its Compliance Plan or HIPAA.
12. Refer patients who ask to see or copy their record, amend their record, obtain an accounting of disclosures, file a complaint, obtain voluntary restrictions on use and disclosure, or receive communications via alternate means, to a department/unit supervisor, Health Information Management or Corporate Compliance.
13. Logoff my computer when unattended and secure any papers that contain protected health information.
14. Upon completion of use, destroy paper containing protected health information by placing it into designated Baptist Health shred bins.
15. Not email or text protected health information to an outside website, email address, etc. without the appropriate encryption and safeguards.
16. Use technology given to me, including remote access/VPN, in accordance with Baptist Health standards and the Acceptable Use of Technology and Remote Access Policies.
17. Report suspected violations of the HIPAA Basic Workforce Responsibilities through the following voluntary reporting mechanisms:
a. Ethics Hot Line: 1-800-621-5966
b. Corporate Compliance Department: 334-273-4442
c. Corporate Compliance Email: firstname.lastname@example.org