HIPAA Frequently Asked Questions






Q: Who is Carilion's Privacy Officer and how can I contact her?

A: Carilion's Privacy Officer is Judie Snipes. She may be contacted at (540) 981-7751 or by e-mail at jsnipes@carilion.com. If the Privacy Officer is out of the office and you need immediate assistance, you can contact Carilion's Information Security Officer.



Q: Who is Carilion's Information Security Officer and how can I contact him?

A: Carilion's Information Security Officer is Tom Newton. He can be contacted at 540-224-4246 or by e-mail at tnewton@carilion.com. If the Information Security Officer is out of the office and you need immediate assistance, you can contact Carilion's Privacy Officer.



Q: May the entity notify a patient's family member or other person that the patient is at their facility?

A: Where the patient is alert, or is otherwise available prior to the disclosure, and has capacity to make healthcare decisions, we should ask if it is okay to notify family and other persons. If the patient agrees or does not object, we can share. We may also use or disclose this information to notify the family and other persons if we can reasonably infer from the circumstances, based on professional judgment, that the patient does not object. If the patient is not alert, we can use reasonable judgment to contact the next of kin.



Q: Is the hospital permitted to contact another hospital or healthcare facility, such as a nursing home, to which a patient will be transferred for continued care, without the patient's authorization?

A: Yes. The HIPAA Privacy Rule permits a healthcare provider to disclose protected health information about an individual, without the individual's authorization. We can also release information to another healthcare provider for that provider's treatment or payment purposes, as well as to another covered entity for certain health care operations of that entity.



Q: If patients request an amendment to their medical record or an accounting of disclosures, what should I do?

A: Have the requestor complete the proper form for the amendment or accounting of disclosures.

  • Click here for the Amendment Form.
  • Click here for the Accounting of Disclosures Form.

Forward the form to Carilion's Privacy Officer. If they would like to discuss their situation in more detail, they can contact Carilion's Privacy Officer. If the Privacy Officer is out of the office and they need immediate assistance, they can call Carilion's Information Security Officer.



Q: If a patient requests a restriction on their medical information, what should I do?

A: Never accept a restriction without first discussing the situation with Carilion's Privacy Officer, Judie Snipes. She will discuss the request with the patient to determine if we will accept or reject the request.



Q: If I fax or mail patient information to the wrong location or person, what should I do?

A: Call the location or person and ask them to destroy the information. Then complete an Unauthorized Disclosure of Patient Health Information (PHI) form. This form is located here.



Q: Can I include patient information in an e-mail?

A: Recognizing that a total ban on e-mail use of PHI might harm patients or limit the organization from reasonably conducting business, limited uses may be allowed if precautions are used. Specifically, many business associates and others routinely use the Internet for e-mail communication, and these communications may contain PHI. To protect the confidentiality, integrity and accessibility of the data, each participant is encouraged to use the least amount of PHI possible to address the issues at hand. Where possible, use account or medical record numbers rather than patient names. E-mails that do contain PHI must be marked as confidential and must note within the e-mail that the information should not be forwarded to others unless they have a legitimate need to know.



Q: Can I look at the medical information of relatives, friends and coworkers?

A: NO. You are not allowed to access health information or demographic information, including addresses or birthdays, of your coworkers, friends, neighbors or family members unless the information is needed to perform your job responsibilities. These individuals have a right of privacy just like all our patients.



Q: Can I look at my own medical record?

A: Yes. However, you are not allowed to modify your own medical record nor create, authorize or sign your own prescriptions except in pre-approved situations.



Q: How can I develop a strong password?

A: Use the first letters in a phrase, book title or song. An example would be: Little Jack Horner sat in a corner. The password would be LJHSNAC.



Q: Can I share my password with anyone?

A: Once you have chosen a strong password you must safeguard it and not disclose it to anyone. You must not let anyone borrow your password to log on to our online systems. Similarly, you must not ask others to use their IDs and passwords so you can access information. Each person is held personally responsible for all activities undertaken using their user-IDs and passwords.



Q: How can I protect patient information on my laptop?

A: In the course of your day-to-day work, it may sometimes be helpful for you to download data or create spreadsheets with patient or employee identifiable information. Once that data is on your laptop, PDA or flash drive, you are responsible for its protection. Protecting the data means you should not leave the device unattended in public areas, in plain view in a locked car, or in your office overnight without locking it in your desk or file cabinet.

If possible, de-identify the patient or employee data on the device. For example, use account or medical record numbers and initials for identification purposes. Never store Social Security numbers on any movable device: laptops, PDAs or flash drives.

Also be sure that your laptop or PDA is password protected. If you do not know how to password protect your device, call TSG’s HelpDesk at 224-1599.



Q: What should I do if I lose my laptop or PDA?

A: If the laptop, PDA or flash drive is lost or stolen, it is imperative that it is reported immediately to Carilion Police or Carilion’s Privacy Officer or Information Security Officer. Immediate notification gives us the opportunity to protect you and the patients, while delays in reporting can increase the chances of identity theft.



Q: How can I make my work area a more secure environment?

A: We often think that information security relies solely on user IDs and passwords. But physical security also plays an important role.

  • Always keep your computer screen tilted away from public-access areas.
  • Make sure laptops and portable devices are locked in a safe place when not in use.
  • Do not leave your computer unattended. Always log off when finished.



Q: Can I take a picture or make a film of a patient?

A: You cannot take a picture of a patient without their permission for any reason other than care or, in some specific cases, education. These photos are never for cell phones or personal devices like PDAs. No employee can take pictures or other images just because the case is interesting, and this includes students working on projects for school.

Films or other tapes/pictures used for medical education must be used internally only for the specific purpose of education, and those viewing the images must be members of our workforce with a need to see the images. The images in all cases, even for education, should be de-identified to the extent possible before their use. Outside folks (police, audiences at education sessions conducted by Carilion Clinic, or non-Carilion members of committees or task forces) are not to be there if images are identifiable in any manner.
