• The HIPAA test for non-Vanderbilt University Medical Center Personnel is available at HIPAA-test »

WHY DO YOU NEED TO KNOW ABOUT HIPAA?

Simply by being in the medical center, you will encounter confidential information. You need to be prepared to handle those situations appropriately because there are penalties that could impact YOU and VUMC if the confidentiality rules are broken. VUMC has its own set of rules that incorporate Federal regulations. Disciplinary/corrective action ranges from training/counseling to termination. Everyone who has access to our patients or protected health information (PHI) is required to understand our privacy and information security policies and abide by them. The complete policies and other details can be found on the HIPAA web site: www.mc.vanderbilt.edu/HIPAA.

PROTECTED HEALTH INFORMATION (PHI)

PHI is any information related to health conditions or services that can be linked back to an individual patient. PHI can be in any form: written, electronic or verbal. This means that essentially all information linked to a patient at VUMC is PHI. Even the fact that a patient has received care at VUMC is protected by our policy, and federal regulations.

KEY QUESTIONS TO ASK YOURSELF ABOUT HOW YOU ARE USING PHI

1. Are you authorized to access information about this patient? You should only access and use PHI as required to do your job or when specifically authorized by the patient.
2. What information can be shared? PHI should only be shared on a need-to-know basis.
3. Where & How are you sharing information? Because care is often coordinated in semi-public areas in the Medical Center, it is essential that everyone be aware of their surroundings when using and sharing patient information. Be careful to prevent unauthorized persons from overhearing or overseeing confidential information. Also, take care when faxing, emailing and disposing of PHI.

Security

Below are some key security concepts that you should keep in mind while working at VUMC.

1. Passwords – Never share your password or use someone else’s password. Create a hard to guess password that includes numbers, letters, and special characters (where the system allows).
2. Logging off - When using a computer if you need to walk away either Log Off OR Lock the screen.
3. Mobile Devices (laptops, PDAs, and text pagers) – These devices should always be password protected to prevent unauthorized individuals from accessing them in case they are stolen or left somewhere unattended.

HAVE QUESTIONS? If you have a question your VUMC contact is unable to address call the Privacy Office at (615) 936-3594. You may also visit our website at: www.mc.vanderbilt.edu/HIPAA. If you witness a violation of our privacy policies, you are encouraged to contact the Privacy Office, Help Desk, Compliance Reporting Line, or your manager.

The Medical Student Summer Research Training Program is supported by the Vanderbilt Short Term Research Training Program for Medical Students (NIH grant DK007383) and the Vanderbilt Diabetes Research and Training Center (NIH grant DK20593).