All businesses that obtain and maintain healthcare information must provide the highest standards to protect the information from accidental or deliberate misuse or disclosure.
Patient information is disclosed to third-party entities for the following purposes only,
• For treatment
• To obtain payment for treatment
• For healthcare operations
Control Accidental Disclosure
Work practices that reasonably prevent accidental disclosure must be exercised at all times. From a simple procedure of covering protected health information to locking-up unattended filing cabinets, to being aware of the surroundings when discussing patient information is vital. In addition, patient’s protected health information should never be discussed out-side of work under any circumstances or for any reasons.
Restrict the use of Patient Information
The patient’s protected health information (PHI) must be used for healthcare related purposes only.
Apply the Minimum Necessary Rule
The concept of the “Minimum Necessary Rule” is that the very minimum of protected health information (PHI) be used, accessed or released for any purpose or task even if an exception is permitted.
No Marketing Activity
At no time protected health information may be sold or transferred to any third party for the purpose of marketing activity, whether for profit or not, or to introduce a person, business, product, or service.
Control Electronic Transmissions
Prior to transmitting protected health information (PHI) on electronic devices such as computers, fax machines, voice mail, and telephones, it must be determined whether it is secured and if confidentially will be maintained and not compromised.
Control Discarding Protected Health Information
All documents that contain protected health information (PHI) when discarded must be shredded or destroyed, to prevent disclosure. At no time, documents containing protected health information are discarded if confidentiality will be compromised.