Security Guidelines for Users
This web page provides an overview of how faculty, staff, and affiliates of the MPOG should securely handle protected health information (PHI) for all patient care, quality improvement, and research activities.
Our reputation is at stake: It is important that everyone using PHI understand the consequences if they do not take the specific precautions outlined here. One stolen unencrypted laptop containing PHI constitutes a breach, forcing you to publicly disclose the breach to patients, possibly on the website and in the mass media.
Nearly every medical center has had an incident involving loss of a patient dataset containing PHI. The risk is focused on data and files that contain PHI for hundreds, if not thousands, of patients. The typical scenario involves a file that includes patient identifiers and is used for patient care (billing), quality improvement, or research purposes. Files are stored on a workstation, laptop, or device which is lost, stolen, or otherwise compromised. Although the patient data may never actually be released publicly, the healthcare facility is required to report publicly and contact each patient if the data was not secured with reasonable safeguards. Those safeguards, if followed, make it virtually impossible to unlock the patient PHI. If the safeguards are followed and the device is lost, there is no need to contact patients or report the data loss.
Below is an overview and, as such, is not intended to be all-encompassing. If you have questions or concerns, contact firstname.lastname@example.org
Information and Tips to Secure Data
There are several steps you should take to ensure you are securing your data: