HIPAA Alert: Tips to Safeguard PHI and Other Confidential Information

Although certain Health Insurance Portability and Accountability Act (HIPAA)* sanctions are being waived during the current health crisis, we must be diligent in safeguarding patients’ protected health information (PHI)** and Methodist Health System’s confidential information***. 

Here are some helpful tips to help us achieve that:

Managing your home network. Ensure your home wireless router traffic is encrypted and password-protected. Avoid using your neighbor’s Wi-Fi or other unsecure Wi-Fi. When using a Methodist Health System device from a remote location, the VPN provided by Methodist should be used. Please power off your device after disconnecting from the VPN. Limited personal use of Methodist Health System devices in accordance with the IT Acceptable Use Standard. Family, friends, etc., should not use Methodist Health System devices or personal cellphones that have been configured to receive Methodist emails. It’s a HIPAA violation to allow others any kind of access to PHI. 

Protecting PHI. Keep your laptop locked when not in use. Be sure to encrypt emails when sending PHI to anyone outside of the health system. Keep all PHI in a secure and locked place, and shred all PHI when not in use.  Be aware of your environment when discussing PHI. 

Be vigilant when videoconferencing. Employees should schedule meetings using WebEx. WebEx is approved by Methodist IT and meets HIPAA guidelines. If confidential material is being discussed in a meeting, ensure that the meeting name doesn’t suggest that it’s confidential. If an unauthorized or unknown individual joins a meeting, ensure they are promptly removed before discussing any confidential information. Be aware of your environment when discussing confidential information.

If you have any questions regarding safeguarding PHI and confidential information, contact the Privacy Department with any HIPAA concerns and the  IT Department with IT concerns.

Wishing you health and happiness this holiday season.

Privacy and IT departments

Note: 

*HIPAA is the Health Insurance Portability and Accountability Act, a federal regulation that sets standards for safeguarding Protected Health Information (PHI)

**PHI is the combination of any health-related information (diagnosis, diagnosis codes, etc.) and a unique personal identifier (name, address, email address, IP address, etc.) 

***Confidential information is all medical, personal, proprietary and financial information derived from any source. This includes, but is not limited to, written information, electronic information, and verbal communication.