Maintaining the confidentiality of both business and private information relating to any and all aspects of Appalachian Regional Healthcare System (ARHS) are considered critical to our health care environment. Releasing confidential or private information without proper approval, either intentionally or casually, may result in disciplinary action, including termination or disassociation with the System.
Specifically, individuals associated with ARHS, in whatever capacity, must not discuss information concerning patients, staff, physicians or business relationships within or outside the System unless the party to whom you are speaking has authorized access to and need for the information. This also implies an obligation to maintain an awareness of your surroundings to assure that the information is not shared with unauthorized individuals accidentally.
Protected Health Information (PHI):
Protected Health Information means information relating to the health or condition of a patient, the provision of care to a patient, or the payment for the provision of health care to a patient that identifies the patient and is transmitted or maintained electronically or otherwise.
As an employee, volunteer, student, or other individual associated with ARHS, you are personally responsible for maintaining the confidentiality and integrity of the protected health information you have access to in the scope of your duties (position).
Therefore, you are held accountable for:
1. Ensuring the protected health information you have access to relating to the patient’s medical records and/or to the patient’s account is protected, i.e. the disclosure of this information outside the medical center or outside the scope of the patient’s care is prohibited. Disclosure means the release, transfer, provision of access to or divulging in any other manner protected health information.
2. Ensuring the protected health information may not be seen (viewed) via computer screen by unauthorized personnel, i.e. a visitor or an employee not associated professionally to the patient’s care.
Furthermore, you shall NOT:
1. Access protected health information from a patient’s medical records or from the patient’s electronic data file for any other reason other than that which is necessary to adequately perform one’s specific job responsibilities. Access to a function on the computer does not imply that it is proper to search this information at will to satisfy curiosity.
2. Make unauthorized copies of the patient’s medical records or of the patient’s electronic file. Hard copy records are accessed by request to the department responsible for safeguarding the document and should be signed out appropriately.
This is to inform you that as an employee of ARHS or one of its subsidiaries and as a user of this institution’s computer services, you are personally responsible for:
1. Using the service only to perform your specific job responsibilities.
2. Protecting your computer access information (password) from all other persons at all times.
3. Reporting to your supervisor immediately any computer violations that you discover.
4. Limiting internet usage and/or email to only what is necessary to perform job related duties.
Furthermore, you shall NOT:
1. Attempt to access any computer resources, including the internet, for which you do not have permission explicitly granted by this institution.
2. Physically damage the computer system or its functions or environment in any way whatsoever, nor knowingly allow any other person to do such damage, regardless of intent.
3. Remove, add, or modify any hardware, software, application programs or data from the computer system, or its environs, whether physically, mechanically, or electronically without explicit permission from the Information Technology Department.
4. Copy any software products owned or licensed by ARHS for your personal use.
5. Install or use on ARHS’s computer system any hardware or software not specifically authorized by the Information Technology Department.
6. Download anything from the internet unless approved by Information Technology personnel.
I have read and understand the above statement. Furthermore, I understand all ARHS workforce members must respect the privacy of all patients, become informed and trained regarding all privacy policies, comply with ARHS’s privacy policies and report to the Privacy Officer any breach of such policies whether the breach was committed by the individual or another member of the workforce. I agree to maintain the confidentiality of any protected health information relating to ARHS. I understand that violation of the above provisions may be cause for disciplinary action not excluding termination and/or prosecution by the law.