HIPAA

Medical patients' private information is also protected under HIPAA law, so information in any environment should be handled with great care. Please review the HIPAA Do’s and Don’ts quick reference sheet to understand how to maintain the integrity of Patient Health Information (PHI):

HIPAA Do's

  • Learn the client’s HIPAA privacy and security rules for each assignment and comply with the client’s policies.

  • Always protect and keep confidential all PHI.

  • Password-protect your computer with strong passwords and change your passwords regularly.

  • Log off and secure your workstation when finished or leaving it unattended, and secure paper records that contain PHI.

  • Ensure that computer monitors displaying PHI are not able to be observed by unauthorized persons.

  • Always limit the use, disclosure of, and requests for PHI to the minimum amount necessary to carry out your job duties.

  • Properly identify all unknown individuals before disclosing any requested PHI (e.g., clergy, physicians, insurance companies, and fax numbers), and only disclose the minimum necessary information to those who are authorized to receive it. 

  • Destroy, shred or put in the designated bins all papers that contain PHI before discarding them.

  • Immediately report to your client supervisor if you know or suspect that there has been any improper use or disclosure of PHI.

  • If you have any questions about a client’s HIPAA and computer-usage policies, contact your client supervisor. 

HIPAA Don'ts

  • Don’t leave physical or electronic PHI unattended or unsecured at any time, especially in public areas.

  • Don’t use or disclose PHI, except as permitted or required by the client.

  • Don’t share or give anyone your logins or passwords, and don’t allow a fellow employee to access PHI on a workstation that you are logged into.

  • Don’t be responsible for another person’s abuse by neglecting to lock your workstation or sign off. 

  • Don’t physically or electronically remove or take PHI from the client’s premises. This includes, but is not limited to, laptops, flash drives, hardcopy documents, and e-mail.

  • Don’t use or disclose PHI to anyone unless s/he has a need-to-know and is authorized to have or see such information.

  • Don’t discuss PHI in public areas and/or with anyone not authorized to receive such information (e.g., coworkers, family, friends, and RHI Branch personnel).

  • Don’t copy, duplicate, or move PHI without proper authorization from the client.

  • Don’t disclose PHI to any person in an RHI Branch Office.

  • Don’t download and execute software or pursue risky behavior such as improper Web surfing and/or instant messaging.