HIPAA Policy - PROTECTED HEALTH INFORMATION (PHI) CONFIDENTIALITY STATEMENT
Terms and Conditions
Privacy Policy (HIPAA Protected Health Information (PHI) Confidentiality Statement)
Examples of Misuse
Accessing confidential information that is not within the scope of your duties
- Unauthorized reading of patient account information
- Unauthorized reading of a patient's claim
- Unauthorized access of personnel file information
- Accessing information that you do not "need-to-know" for the proper execution of your duties.
Misusing, disclosing without proper authorization, or altering confidential information:
- Making unauthorized marks on a patient's claim
- Making unauthorized changes to a personnel file
- Sharing or reproducing information in a patient claim or a personnel file with unauthorized personnel
- Discussing confidential information in a public area such as a waiting room or elevator.
Disclosing to another person your sign-on code and/or password for accessing electronic confidential information or for physical access to restricted areas
- Telling a co-worker your password so that he or she can log in to your work or access your work area
- Telling an unauthorized person the access codes for personnel files, patient accounts, or restricted areas.
Using another person's sign-on code and/or password for accessing electronic confidential information or for physical access to restricted areas
- Using a co-worker's password to log in to the MCCF computer system or access their work area
- Unauthorized use of a login code for access to personnel files, patient accounts, or restricted areas
Intentional or negligent mishandling or destruction of confidential information
- Leaving confidential information in areas outside of your work area, such as the breakroom or your home.
- Disposing of confidential information in a non-approved container, such as a trash can.
Leaving a secured application unattended while signed on
- Being away from your desk while you are logged into an application.
- Allowing a co-worker to use your secured application for which he or she does not have access after you have logged in.
Attempting to access a secured application or restricted area without proper authorization or for purposes other than official MCCF business
- Trying passwords and login codes to gain access to an unauthorized area of the computer system or restricted area
- Using a co-worker's application for which you do not have access after he or she is logged in.
The examples above are only a few types of mishandling of confidential information. If you have any questions about the handling, use or disclosure of confidential information please contact your supervisor, manager, or director.