What does it mean for you
A breach is the unauthorized acquisition, access, use, or disclosure of PHI that compromises the privacy or security of the PHI. We are all responsible for protecting our members’ and patients’ confidential information. If a breach occurs, immediately notify your supervisor or the Security Officer.
Do not peek
No matter how curious you might be regarding the health of a coworker, a friend, a celebrity, or a family member, do not access a medical record unless you are authorized to do so. Never access or discuss a fellow employee’s PHI unless it is for purposes allowed by law and required for your job.
Think Twice When You Talk About PHI
Do not discuss any PHI at home or outside of work. Avoid discussing PHI in public areas, including talking on a cell phone where others may overhear. Lower your voice when you must share PHI in areas where others might overhear.
Prevent Unauthorized Access to Facilities and Secure Areas
Keep doors locked and restrict access to areas where sensitive information or equipment is kept. As discussed earlier, you should not have PHI on your laptops. Do not post keypad access codes. Shield the keystrokes when entering an access code to prevent others from seeing the code.
Prevent Unauthorized Access to and Disclosure of Electronic PHI
Create complex passwords with a minimum of eight characters--at least one number, symbol and/or one letter. Use a mixture of capital and lower case letters. Do not use consecutive identical characters or all alphabetical groups or consecutive characters on the keyboard (e.g., aaaaaa, 111111, qwerty).
If you suspect your password has been compromised or misused, you should immediately change the password, and report the incident to your supervisor. Do not share or post passwords or user IDs on your computer. If someone asks to use your password, report it to your supervisor.
Use a password, and secure or lock your workstation, before stepping away and leaving it unattended for any period of time.
If you share a workstation, only use your own password and logon ID to access data. Log off when you are finished. Never share your passwords with other users; you could be held responsible if an unauthorized person uses your logon or password to access or disclose PHI.
Turn your computer screen away from viewing by visitors if you work in an open area.
Provide Physical Security for Portable Computing and Storage Devices
Store confidential information such as PHI only on Prevail Health’s secured network servers. Never store PHI on a laptop or other portable, endpoint device.
Know where your portable devices (laptop, PDA, cell phone, hand-held device, mp3 player, flash or jump drive, CD or DVD, etc.) are at all times. Never check them as baggage or leave them unattended or unsecured at home, work, or in transit. Whenever you leave your work area, make sure your laptop is secured by a locking cable, or securely locked in the docking station.
If you are leaving for the day, take the laptop or other device with you or lock it in a desk or cabinet. If your device is stolen or lost, immediately report the loss to your supervisor. If the lost or stolen device contained PHI—encrypted or unencrypted—you must report the loss of the data immediately to the Chief Security Officer.
**Violating Prevail Health policies, federal regulations, and state laws and regulations can lead to disciplinary action – up to and including termination, personal fines, civil and criminal penalties and suspension of professional licenses.**
**You are responsible for understanding this information and any additional information necessary to comply with all laws and policies that affect your job.**
If you have questions about what you must do, talk to us.