2. Who Should Access
Confidential Patient
Information
0 Clinicians during the course of treating a patient
0 The patient
0 Hospital staff that utilizes information for billing and
coding such as Health Information Management
0 Designated persons by the patient that have signed
necessary consent forms

3. Who Should NOT Access
Confidential Patient
Information
0 Clinicians that are NOT involved in active patient care and
treatment
0 Staff that is NOT utilizing patient information for the
purposes of treatment, billing, or coding.
0 “Curious Staff” or persons
0 Any member of the organization who cannot document, as
needed, the reasons for accessing the record

4. How to Keep It Safe
0 Put a footprint in the patient record showing who
accessed the record and their relationship to the
patient as part of the care team.

5. How to Keep it Safe
0 Ensure that each user is educated on the importance of
keeping their password in a safe place and not sharing with
other employees. Have yearly training and re-education on the
importance of privacy within your organization.

6. How to Keep it Safe
0 Have a dedicated compliance and security officer in
place within your organization. Policies and
procedures should be in place regarding privacy that
clearly outline the repercussions of security and
privacy violations.

7. How to Keep it Safe
0 Utilize patient aliases within the patient registration
and electronic health record to ensure the privacy of
famous or “well known” individuals.

8. How to Keep it Safe
0 Shred documentation with patient information
attached
0 Utilize fax cover sheets when faxing or sending
patient records
0 Use general rule of thumb – don’t access ANY record
without a valid reason for reviewing