The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides a Federal law to protect privacy and confidentiality by preventing a release of an individual’s (patient’s) individually identifiable health information (i.e., information in a medical record).
The Medical University of South Carolina (MUSC), The Medical University Hospital Authority (MUHA), University Medical Associates (UMA), and Carolina Family Care (CFC) supports and rigorously abides by all Federal and State laws and regulations for the protection of the privacy of individually identifiable health information. Each MUSC student must realize the necessity to maintain the privacy of a patient’s individually identifiable health information.
As a Medical University, all students viewing individually identifiable health information must complete HIPAA Privacy Rule training. Typically, this Privacy Rule training must be completed by the end of the student’s first semester. Individual colleges will provide additional information to the student on the completion of this training.
MUSC students may view individually identifiable health information for treatment purposes. In other words, MUSC students must be involved in the care of the patient to view a patient’s individually identifiable health information (i.e., the contents of a medical record).
In order to access a patient’s individually identifiable health information when the student is NOT involved in the patient’s treatment, the student must obtain permission from a member of the faculty of the student’s college. For example, if a MUSC student learns about a particular case of interest and this student is NOT involved in the care of the patient, the MUSC student will need permission to view the individually identifiable health information for “educational purposes”. Unless the faculty member is physically present when the student accesses the individually identifiable health information (i.e., the medical record), permission should be granted via written documentation (for example, an e-mail).
Individually identifiable health information may be stored in a variety of formats including paper, electronic (computers), video, audio, and photographs. Regardless of the format, all individually identifiable health information must be protected.
MUSC students can follow basic Do’s and Don’ts to protect a patient’s privacy. All of these are just a common sense approach to protect the privacy of individually identifiable health information.
- Do ask yourself, “Do I need to look at this patient’s health information to provide treatment to the patient?” before looking at the record.
- Do keep a patient’s room door closed when providing care or discussing health information;
- Do speak softly when discussing health information while others are present;
- Do follow proper procedures when disposing of a patient’s health information;
- Do log off computer systems when you are finished accessing health information;
- Do report any privacy violations to your college or the privacy officer.
- Don’t talk about a patient’s health information in public places;
- Don’t choose a computer password that can be easily guessed, such as your last name;
- Don’t share your computer password with anyone;
- Don’t let faxes or other printed papers with a patient’s health information lie around unattended;
- Don’t walk away from open medical records;
- Don’t leave phone messages about a patient’s health information with anyone but the person you are trying to reach;
- Don’t leave messages containing a patient’s health information on an answering machine; and
- Don’t give out a patient’s medical condition or location without making sure the patient has agreed to be listed in the facility directory.
In addition, each MUSC student must realize that mental health, HIV/AIDS, sexual assault, and alcohol/drug abuse records are protected by additional Federal and State laws. Therefore, these types of individually identifiable health information must be protected with greater care.