STATE OF ALASKA
DEPARTMENT OF HEALTH & SOCIAL SERVICES
DIVISION OF BEHAVIORAL HEALTH
POLICY & PROCEDURE MANUAL

SECTION: HIPAA
Number: HIPAA Privacy 7
SUBJECT: Safeguarding Protected Health Information
APPROVED:
DATE: July 2003




Safeguarding Protected Health Information


Purpose
To assure that DBH takes reasonable measures to safeguard individuals’ protected health information in
paper and electronic files.

Policy
DBH will safeguard PHI from unauthorized use or disclosure by restricting access to physical and
electronic files and by storing physical and electronic files in a secure manner.

Procedures
Physical Files:
   o The DBH Privacy Officer will periodically review how DBH’s PHI is obtained, transported,
      stored, used, disclosed and disposed of to identify risks to the privacy and security of the PHI.

   o The DBH Privacy Officer will recommend changes in office procedures, office equipment or
     organization to reduce these risks.

   o The DBH Privacy Officer will weigh the potential damage posed by the weakness or risk, the
     likelihood of damage occurring and the cost of reducing the risk.

   o At a minimum, each DBH office and location will arrange for secure storage of documents to be
     shredded and frequent shredding of documents containing PHI.

   o At a minimum, each DBH office and location will limit access to paper files containing PHI by
     providing locked file cabinets or lockable file rooms or other means to protect individuals’ health
     information.

   o No files will be stored in boxes with client names or in cabinets through which client names can
     be seen.

   o Program files (for example, AYI files and DET files) will be kept separate from each other.

   o Each program’s files will have a file “sign out” card to be used when files are being removed
     from file cabinets.

   o All staff will assure that any paper containing PHI that is no longer needed is shredded and
     disposed of promptly.

Electronic PHI:
   o The DBH IT Unit Head is the person responsible for DBH’s electronic security. (SEE P&P on
       Security Officer.)

   o The IT Unit Head will assure that access to electronic files containing PHI is restricted to staff
     whose work requires such access through password protection. (See P&P on Passwords)

   o The IT Unit Head and the Privacy Officer will weigh the potential damage posed by the
     weakness or risk, the likelihood of damage occurring and the cost of reducing the risk.

   o Security arrangements will be consistent with 45 CFR Parts 160, 162 and 164 Final Rule
     Security Standards published February 20, 2003 and will be consistent with DHDD’s standards
     for electronic exchange of PHI and secure storage of electronic PHI. (See HIPAA Security P&Ps)

Electronic Security—see also appropriate HIPAA Security P&Ps

   o E-mail containing PHI will be either printed and then deleted or will be moved promptly to a
     password secure file.

   o Responses to emails with PHI will delete the original PHI.

   o Emails will not use PHI/client names or other identifiers in the subject line.

   o When possible, put PHI into Word or Excel and send it as an attachment.

   o Remember to send only the minimum necessary information as de-identified as possible.

   o Outlook calendar appointments should not use full client names to identify the meeting.

   o The DBH IT Unit Head and the Privacy Officer will periodically review the location and display
     of computer terminals, printers and FAX machines to assure compliance with this policy.

   o Assure workstations that have access to PHI are screened as much as possible or turned from the
     public and otherwise protect PHI. (see P&P Workstation Security)

   o Printers and FAX machines will be located to minimize public access. To the extent possible,
     each program within an office (for example, Substance Abuse and MH) will use separate FAX
     and printer systems. (See P&P on FAX usage and FAX confidentiality statement.)

   o All staff will use the following language in emails when the email contains PHI:

Note: This communication may contain confidential information. If you are not the addressee, you may
not read, copy, or distribute this e-mail. If you receive this e-mail in error, please advise by return e-mail
and delete the message from your system. Thank you.



   o All staff will use a Confidential FAX cover sheet (attached below) when sending PHI.


Changes to office equipment or procedures to assure compliance with this policy will be documented
and documentation will be retained for 6 years.

References:
DHSS P&P (not yet drafted)

45 CFR 164.530 (c)

Attachment
Faxform

                                         STATE OF ALASKA
                           DEPARTMENT OF HEALTH & SOCIAL SERVICES
                                DIVISION OF BEHAVIORAL HEALTH
                       CENTRAL OFFICE                PHONE: (907) 465-3370
                      P.O. BOX 110620                             FAX: (907) 465-2668
                      JUNEAU, AK 99811-0620



         CONFIDENTIAL FAX
DATE                                                   Number of Pages including this one



Deliver to:                                                From:



Phone Number                                               Phone Number: (907) 465-
Fax Number                                                 Fax Number: (907) 465-


Message:




The information contained in this FAX is confidential and/or privileged. This FAX is intended to be reviewed
initially by only the individual named above. If the reader of this TRANSMITTAL PAGE is not the intended
recipient or a representative of the intended recipient you are hereby notified that any review, dissemination, or
copying of this FAX or the information contained herein is prohibited. If you have received this FAX in error,
please immediately notify the sender by telephone and return this FAX to the sender at the address above.
Thank you.


                  If you have any problems receiving this fax please phone (907) 465-

				