Patient Privacy and Confidentiality
We are committed to following federal and state laws that require us to protect patients’ Protected Health Information( PHI). We take this seriously and exercise caution when accessing and discussing PHI. You must not abuse your access to confidential information or even worse, abuse your position to discover confidential information that your job does not require you to know. Any violations of the confidentiality or HIPAA policies must be reported to the Privacy Officer. If questions arise regarding an obligation to maintain the confidentiality of information or the appropriateness of releasing information, you should seek guidance from your team leader or the Privacy Officer.
Q. I work in the Village Pavilion and do not provide direct patient care. Do I need to lock my computer when I leave my workstation unattended?
A. You must lock your computers when you leave any workstation unattended to avoid any breaches of PHI and / or confidential information. Regardless of your specific role within the organization and whether or not you provide direct patient care, you must lock your workstation when leaving it unattended.
Q. I am a pharmacist and accidentally faxed a prescription to the incorrect external pharmacy. What should I do?
A. This incident is considered an impermissible disclosure. An impermissible disclosure is defined as any disclosure of PHI to a person or entity that does not have lawful rights to such information. If you are aware of an actual or potential impermissible disclosure of PHI, immediately contact the Privacy Officer within the Corporate Compliance Program. All impermissible disclosures must be reviewed by the Privacy Officer to determine if they meet the requirements for notification under the HIPAA Breach Notification Rule.
Q. I am a nurse who provides direct patient care. A patient’ s legal guardian requested I print off medical records from the patient’ s last two clinic appointments. Am I allowed to print and provide such medical records as requested?
A. Per Children’ s Colorado policy, patients and individuals who have the legal right to access the patient’ s medical records must obtain records through the Health Information Management( HIM) representative( 720-777-6343).
Q. One of my child’ s classmates was admitted to the hospital. Since I am a team member, may I look at the child’ s medical record?
A. If you are directly involved with the care of the child, the answer is yes, but only to the extent necessary to perform your job functions. You may not share this information with any individuals not authorized to receive the patient’ s Protected Health Information( PHI), including anyone at your child’ s school. If you are not involved with the child’ s care, you may not read the child’ s medical record as this would constitute as a snooping violation. For example, if you work as a physical therapist and have not been consulted to provide care, reading the chart would breach patient confidentiality. When accessing PHI, ask yourself: Do I really need to know this information in order to do my job?
Q. My child is currently a patient at Children’ s Colorado. I would like to know his lab results, but I do not want to wait for his doctor to call me. Since I have access to the electronic medical record, is it okay for me to look it up?
A. You should not use your access granted through your professional role for personal reasons. In this particular situation, you are the consumer of healthcare and must access your child’ s Protected Health Information( PHI) only through the proper channels per Children’ s Colorado policy just as any other patient’ s parent / guardian.
9