Social Media: Do not post any patient information or patient photos on any social networking sites.
Secure Faxing: Confirm the fax number before dialing. Program frequently dialed numbers into the fax machine. Avoid manual dialing, which may lead to misdirected transmissions. Locate the fax machine in a secure work area.
Safe Emailing: Confirm the accuracy of the email address. Don’t open, forward, or reply to suspicious emails. Delete spam.
No texting of PHI: Texting of patient health information is not allowed, for example: “John Smith on 3rd floor needs skilled PT eval”.
Safe Internet use: Don’t download unknown or unsolicited programs. Accessing sites with questionable content often results in spam or release of viruses.
Password Protection: Don’t share your ID or password. Create a strong password of at least 8 characters, with at least one uppercase letter, one lowercase letter, a number, and a punctuation mark.
Conversations: Discuss a resident’s health information in a private area, only with the resident, the resident’s family, and other healthcare providers involved in treatment. Avoid discussions in elevators or lobbies where others could overhear.
Therapy Department Security: Use locked cabinets/file rooms and limit access to therapy records.
Discarding of Papers: Don’t discard papers and other records with PHI in trash bins or unsecured recycle bins. Shred, or place in secured shredder bins.
Computer Security: Log off your computer when done, or if you walk away, even for a few minutes. Don’t install programs unless approved by IT Support.
Know where you left your paperwork: Check printers, faxes and copiers when you are done using them. Ensure paper charts are returned to the appropriate area.
Removal of Records: Don’t remove documentation (paper or electronic records) from the facility for any reason, except copies if needed for invoices and as requested by government agencies, fiscal intermediaries and carriers.
Storage of Records: Maintain records in a secure area that is not available for public view and access.
Building Access: Do not share keys or codes to enter the facility. Immediately report lost or stolen cards, keys or badges. Do not allow others to enter a secure facility area by letting them walk in behind you.
Verification of Requests Related to PHI: Verify with facility staff the identity of any person or organization requesting access to a patient’s PHI. The facility is responsible for determining the person’s authority to have the PHI requested.
Sharing of PHI with an Authorization: Don’t disclose a patient’s PHI to any outside entity, unless the facility has obtained written authorization if required, and given Select Rehabilitation permission to disclose the information.
Disclosure of PHI to Friends and Family Members Involved in a Patient’s Care: When the patient is present and also has the capacity to make healthcare decisions, give the patient an opportunity to agree or object to the disclosure of PHI to friends or family involved in the care, before the disclosure occurs.