HIPAA Security

HIPAA Security and Privacy Rules work together and govern how we handle patient information. HIPAA Privacy Rules cover how we can use and disclose patient information while the HIPAA Security Rules provide standards for safeguarding and protecting electronic protected health information (ePHI).  

HIPAA Security Rules are the focus of recent regulatory enforcement activity to better protect patient information as we transition to the use of electronic health records for all Americans by 2014. As new technologies evolve, the workforce becomes more mobile and efficient by moving away from paper processes and relying more heavily on the use of computers. The rise in the use of administrative and clinical technologies creates an increase in potential security risks.

HIPAA Security Rules are designed to protect ePHI and at the same time, permit the appropriate access and use of that information by the people who need it for treatment, payment, and health care operations. 

All Patient Information is Protected – Keep it SECURE

Protected health information (PHI) is any individually identifiable information contained in an electronic or paper medical record.  PHI includes a patient’s mental or physical health condition as well as a patient’s billing and demographic information.  All PHI must be used and maintained in a secure fashion.  

Emailing PHI

If PHI is not properly handled, it can get into the wrong hands and be used maliciously. Electronic PHI shared among members of the Baptist Health community, within our firewall, is secure.  

This means that email sent from one Baptistfirst.org email account to another Baptistfirst.org account is automatically sent securely. If PHI must be sent electronically to another provider, a payor, or to the patient, it is traveling outside the Baptist Health firewall and must be encrypted to be secure.

Protecting Your Personal Data and that of Baptist Health

Any time that you walk away from your workstation, protect the PHI that you are using by logging out of your computer. Otherwise passers-by or other employees might gain access to PHI they are not authorized to use.  

Your password is private and personal. It is the connection to your paycheck, benefits and everything you save on your computer. Never write your password on a Post-it note and place it on your computer.

Passwords are for your individual use. One password should never be shared by a group of employees. Each person should have a separate password.

Never ask someone for their password or give someone yours, even if you supervise their work. The correct approach is to use a shared drive to make files available to more than one person. If you need a shared drive, contact the HelpDesk.

Disposing of PHI

Information can never be fully erased from the memory of an electronic device. Computers and portable media devices that are used to store PHI must be sanitized before they are disposed of or reused. There are very specific procedures for cleansing and disposing of electronic equipment. If you need to get rid of electronic equipment that contains PHI, please call the HelpDesk.

When paper medical records are no longer needed, they must be disposed of in designated shredding containers. Paper records containing any type of PHI should never be recycled or thrown in the garbage.