UTMB HANDBOOK OF OPERATING PROCEDURES

Section 6 Compliance Policies

Subject 6.2 Privacy Related

Policy 6.2.11 Storage and Securing of PHI

04/11/03 - Originated

07/06/07 - Reviewed with changes

- Reviewed w/o changes

Compliance Office - Author

Storing and Securing PHI

Policy

UTMB protects the confidentiality and integrity of confidential medical information as required by law, professional ethics, and accreditation requirements. UTMB personnel must take adequate steps to secure and store Protected Health Information (PHI) in their possession at all times.

All supervisors are responsible for enforcing this policy. Individuals who violate this policy will be subject to the appropriate and applicable disciplinary process, up to and including termination or dismissal.

Violation of this policy may further result in disciplinary action up to and including termination for employees; a termination of employment relationship in the case of contractors or consultants; or suspension or expulsion in the case of a student. Additionally, individuals may be subject to loss of access privileges and civil and/or criminal prosecution.

Standards

All personnel must strictly observe the following standards relating to securing and storing of PHI:

Securing PHI:

    • UTMB personnel must keep track of all PHI they maintain and secure it when in public locations. Any PHI that is left, dropped or misplaced is a violation of HIPAA and can result in disciplinary action. UTMB personnel are personally responsible for all PHI they maintain while on and off UTMB premises.

    • PHI stored on portable electronic devices such as diskettes, CDs and jump drives must be secured and not left, dropped or misplaced while being used or transported on and off UTMB premises. PHI stored on electronic devices must be password protected and encrypted. For more information on securing electronically stored PHI, please contact the IS Help Desk.

Storage of PHI:

    • Outside of regular working hours, UTMB personnel must clean desks and working areas such that all PHI is properly secured, unless the immediate area can be secured from unauthorized access.

    • Departments or clinics that store PHI in any electronic or paper format, including patient records, must maintain the PHI in locked areas.

    • When not in use, PHI must always be protected from unauthorized access. When left in an unattended room, such information must be appropriately secured.

    • When PHI is being released through teleconference or video feed, UTMB personnel must treat the protection of PHI in the same manner as PHI recorded on paper, thereby securing access to the teleconference or video to authorized personnel only.

    • PHI stored in medical equipment (e.g. EKG, Ultrasound, Flexsig machines) must be kept secure and disposed of according to Policy 6.2.12, Disposal of PHI.

    • If PHI is to be stored on the hard disk drive or other internal components of a personal computer or PDA (Personal Digital Assistant), it must be protected by password and encryption. Unless encrypted, when not in use, this media must be secured from unauthorized access.

If PHI is stored on diskettes, CD-ROM or other removable data storage media, it cannot be commingled with other electronic information.

     

 
This site published by Ruth Finkelstein for the Policies & Procedures Website.
Copyright © 2005 The University of Texas Medical Branch. Please review our Privacy Policy and Internet Guidelines.