| Confidential
information. Confidential information about UTMB's
students, employees, patients, strategies, and operations is a
valuable asset. Although an employee may use confidential information
to perform a job, it must not be shared with others, inside or
outside of UTMB, unless the individuals have a legitimate need
to know and the information is shared in compliance with applicable
laws, policies, and procedures. Confidential information includes
personnel data, student information, patient information, financial
data, strategic plans, marketing strategies, employee lists and
data, supplier and subcontractor information, and proprietary
computer software. When UTMB collects information from individuals,
such as students and patients, it is required to disclose to the
individual their rights under the federal Privacy Act. However,
we should all remember that unless specifically excluded by law,
all documents we generate in the performance of our jobs may be
made available to the public under the terms and conditions of
the Texas Public Information Act. The UTMB IHOP policy 9.2.11,
Confidentiality of Patient Information, may be accessed at the
following web site: http://www.utmb.edu/policy/ihop/
The Health Information
Portability and Accountability Act of 1996 (HIPAA). This
law establishes national standards for the privacy and security
of health information. In the United States, every health care
provider and every employee of a health care provider must comply
with these new standards. The privacy and security standards have
an extreme effect on the way UTMB and its faculty, staff, and
students use, disclose, and store health information. As an example,
the national privacy and security standards require UTMB and its
employees to keep health information private and secure by:
- Using passwords on computers,
- Following record retention schedules and destroying records
as appropriate, and
- Obtaining a special consent to allow UTMB and its employees
to use and disclose health information.
These are just a few of many new HIPAA requirements. UTMB has
a duty to investigate any violation of these standards. Improper
uses, disclosures and storage of health information can lead to
both monetary fines and in some cases criminal punishments for
individuals and the institution.
If you would like more information regarding these HIPAA standards
and how they may impact you, you may view the UTMB HIPAA web site
at http://www2.utmb.edu/compliance/hipaa/
or call the Institutional Privacy Office at (409) 747-8705.
Computer
information security. It is a violation of the Texas
Penal Code to disclose computer passwords. Penalties range from
a Class B misdemeanor to a felony depending on the related monetary
damage. Therefore, computer passwords should be considered highly
confidential. Never disclose your computer password to anyone.
Furthermore, do not write or otherwise document your passwords
in a place that is accessible by others. Information regarding
computer access, passwords, and other confidential information
may be obtained via the Internet at http://www.utsystem.edu/BPM/53.htm
The UTMB IHOP policy 2.19.6, Information Resources Security, may
be accessed at the following web site http://www.utmb.edu/policy/ihop/
|
|
Q |
My
neighbor asked me to use the computer system to look up
some lab data about her daughter-in-law. May I give this
data to my neighbor? |
A |
No.
The daughter-in-law should receive this information from
her physician. All medical information is strictly confidential.
You should never provide any health information to anyone. |
Q |
While
typing a note for my physician supervisor, I noticed that
my neighbor is scheduled for simple surgery. I mentioned
this to my husband, and he said something to my neighbor.
Now my neighbor is angry with me. Have I done anything wrong? |
A |
Yes.
You must not reveal any medical information about any individual
to any other person. |
Q |
I am
out of town and need confidential information from my office
computer. I call the office and ask my secretary to get
the information for me. To do so, I must tell her my computer
security password. Have I violated the Standards of Conduct
Guide? |
A |
Yes.
It is both a violation of the Standards of Conduct Guide
and the Texas Penal Code to disclose computer passwords.
Computer passwords should be considered highly confidential
and should never be disclosed to anyone. Data that is protected
by passwords is now vulnerable to damage, theft, or disclosure.
You may forward e-mails to your secretary or other designee
to be read while you are away, but you should never disclose
your password. |
|
