-
Protecting Confidentiality of Electronic PHI
-
All workstation monitors in public areas that contain PHI must be positioned in a way to
avoid observation by unauthorized individuals
-
All screens or unattended workstations containing PHI must be returned to the logon
screen or have a password-enabled screensaver
-
All workstations must be locked after business hours
-
Employees must protect their IDs and passwords and never share them
-
Employees must never share workstations while logged in
-
Passwords must never be written down or left in plain sight
-
Employees must never store electronic reports, spreadsheets, databases, or other
documents containing PHI on their workstations
-
Laptops at the health centers that are used for EHR purposes must be stored in locked
areas
-
Employees must never conduct business communications containing PHI using:
o An email account not provided by PPSWO (e.g., Hotmail, Yahoo, Gmail, or MSN)
o Text messaging unless it is a PPSWO text program
o Telephone voice message unless provider-to-provider in an emergency situation
or provider-to-patient if the patient provided prior consent.
-
If a patient requests their PHI as an electronic file, it must be in an encrypted form
(patient portal, locked file, encrypted email)
-
Business emails should include a confidentiality notice
-