Date of Last Review 6/6/07
SME: Director of Management Information Systems

PHI on Individual Computers and Data Bases

Policy

This policy provides the process to protect, store and remove patient health information (PHI) within and outside of UT-HCPC. All data is considered classified within HCPC according to administration. All Confidential Information is defined by Texas Administrative Code.

All Confidential Information is defined by Texas Administrative Code.

Procedure

1. MIS’s Responsibilities: To encrypt all patient health information data on HCPC’s servers and laptops that leave UT-HCPC.

IT will perform manual spot checks on the computers in high risk areas.

2. HIM Responsibilities:

All release of information goes through Health Information Management Department for approval before saving on individual laptops or leaving UT-HCPC.

3. Departmental Responsibilities:

To inform HIM if electronic or hard copy PHI is going to be stored on an individual laptop or leaving UT-HCPC premises.

All individual PHI information will be stored on UT-HCPC’s servers where the data is encrypted. No PHI is to be stored on the local computers within UT-HCPC.

Inform HIM of any violations that occur against this policy.

4. Ownership Responsibilities:

Owners of the data need to ensure they are the only ones who have access to the data and share the data only on a need to know basis.

5. Administration Responsibilities:

To uphold this policy and ensure management holds those accountable for upholding violating the policy.

Violating this policy can lead up to termination.

6. Oversight and Reporting Plan:

UT-HCPC’s Compliance Committee will oversee the compliance of this policy. Any violations will be reported by HIM in a status report to UT-HCPC’s Compliance Committee and UTHSC’s CIO.

7. Training:

Training is conducted at orientation and annually on Blackboard. Each employee must take the mandatory compliance and HIPAA training on Blackboard.

8. Location of Policy and Distribution:

This policy will be located on UT-HCPC’s policy and procedure website and distributed to each employee


Director of MIS
UT-HCPC

Related standards

The Joint Commission : Management of Information
                                         HIPAA

 

 

 

If you have questions regarding the content of this site please contact the Policy and Procedure Committee. If you experience any technical problems please contact the MIS Department.