|
POLICY NUMBER: AS.065
EFFECTIVE DATE: 9/20/2024
APPROVAL DATE:9/20/2024
REVISED DATE: NA
PURPOSE: To provide additional information on HIPAA’s Privacy and Security Rules specifically relating to the use and disclosure of Protected Health Information (PHI) for educational purposes.
ADDITIONAL AUTHORITY: N/A
SCOPE: Students, faculty, and staff
RESPONSIBLE AUTHORITY: Academic Affairs
RECIPIENTS: Faculty, Clinic Administration, Deans, Students, Staff
PUBLICATIONS: Clinic Student Handbook, Faculty Handbook, Website
DEFINITIONS: Protected Health Information (PHI): – information that is individually identifiable to a patient that pertains to the patient’s past, present, or future physical or mental health or condition or the provision of health care to that patient or payment for the provision of health care to that patient.
Policy Title
Privacy of Patient Information in the Teaching and Clinical Environment Policy
Policy Statement
All Life University employees who are engaged in teaching and/or supervising students may not disclose or publish in any teaching materials information that identifies any Life University health care service to an individual, or that contains parts or portions of identifiers that can reasonably be used to identify a Life University health care service to an individual.
Any disclosures or use of instances of Life University health care services in teaching materials must ensure that such materials are void of any information that would identify the specific individual who is the subject of such service in accordance with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Family Educational Rights and Privacy Act (FERPA) and Life University policies.
Procedure(s)
If you are supervising or teaching a didactic or clinical course at Life University, the following rules must be followed:
- Undertake the proper safeguards to protect the privacy and security of PHI used or accessed in any academic setting. Become familiar with the policies and procedures applicable to the academic or health care entity you are working with. Example: Never leave patient files unattended in a public area such as a conference room even if you step away for only a few minutes. Never leave open computer screens in a setting where other students or patients may access view of information regarding the provision of a Life University health care service identifiable to an individual.
- You may discuss health care service provided to a patient by Life University to students who are with you while you are actually in the clinical setting and only for the purpose of providing patient care or education/instruction for the student about the patient. All such discussion and disclosures must be made consistent with Life University’s policy on Minimum Necessary Disclosures.
- Do not disclose individually identifiable information about the health care services provided to an individual for purposes other than training or educating students without either (i) first de-identifying the information pursuant to Life University’s Policy on De-Identification of an individual’s Heath Care Service or (ii) first obtaining a signed, written and HIPAA-compliant authorization for the specific use from the individual who is the subject of the health care services..
- If you become aware of, or suspect that there has been, an impermissible acquisition, access, use or disclosure of PHI in a manner not permitted under HIPAA and/or FERPA, you should immediately report the circumstances to the Dean of the respective college or the Director of Clinics, as appropriate.
See Life University’s Policy on De-Identification of Individually Identifiable Health Care Information.
Other Notes
N/A
|