  1. Protecting Confidentiality of Electronic PHI

    •   All workstation monitors in public areas that contain PHI must be positioned in a way to avoid observation by unauthorized individuals

    •   All screens or unattended workstations containing PHI must be returned to the logon screen or have a password-enabled screensaver

    •   All workstations must be locked after business hours

    •   Employees must protect their IDs and passwords and never share them

    •   Employees must never share workstations while logged in

    •   Passwords must never be written down or left in plain sight

    •   Employees must never store electronic reports, spreadsheets, databases, or other documents containing PHI on their workstations

    •   Laptops at the health centers that are used for EHR purposes must be stored in locked areas

    •   Employees must never conduct business communications containing PHI using:

      An email account not provided by PPSWO (e.g. Hotmail, Yahoo, Gmail, or MSN)
      Text messaging unless it is a PPSWO text program
      Telephone voice message unless provider-to-provider in an emergency situation or provider-to-patient if the patient provided prior consent

    •   If a patient requests their PHI as an electronic file, it must be in an encrypted form (patient portal, locked file, encrypted email)

    •   Business emails should include a confidentiality notice