PRIVACY PRACTICES SECURITY

 

Applicable DMH components must be assessed for security of PHI that it receives, creates, maintains or discloses, twice per year initially and annually thereafter by designated component staff. Problems identified during the assessment will be reported in writing and include a corrective action plan with a copy provided to the local Privacy Officer for follow up and resolution. Reasonable efforts will be made to mitigate and correct identified problems. Unresolved problems must be reported to the DMH Privacy Officer.

General Guide For Copying, Faxing Or E-Mail Of Protected Health Information

1)  Post a sign near copy/fax machine similar to the following:  “All paper containing Protected Health Information that is no longer needed, including extra copies or sheets that are copied incorrectly, must be put in the recycle bin face down so that it may be shredded.”

2)  Information disclosed should generally be the minimum necessary to accomplish the intended permitted purpose.  This usually means limiting the scope and content of information requested, used or disclosed.  However, complete identifying information may be necessary for Treatment purposes.

3)  For fax cover sheets and e-mail subject matter title and messages referring to a Consumer, unless essential for the understanding of the message (identifying detail may be needed for Treatment, if there is a likelihood of confusion, etc.), de-identify or otherwise limit the identity of the Consumer (e.g., “41yr.old male admission last night”; strike through the name; Consumer‘s first name and last initial only, “Ferris B.”, etc.). 

4)  Double check phone/addresses prior to sending faxes or e-mails. 

5)  Only send to DMH staff who need the information in doing their DMH job.

6)  Do not leave PHI documents at the copy/fax machine once the information has been copied or faxed,

7) Fax and e-mail communications or transmissions that include PHI should identify the intended recipient, the sender (with reply contact information) and include a notice statement substantially similar to the following:

PRIVACY NOTICE:  THIS COMMUNICATION IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN SCDMH PATIENT OR OTHER INFORMATION, THAT IS PRIVATE AND PROTECTED FROM DISCLOSURE BY APPLICABLE FEDERAL AND/OR STATE LAW.  IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT OR RESPONSIBLE FOR DELIVERING THE MESSAGE TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION OR THE INFORMATION CONTAINING WITHIN IT, IS STRICTLY PROHIBITED AND MAY SUBJECT THE VIOLATOR TO CIVIL AND/OR CRIMINAL PENALTIES.  IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY TELEPHONE, REPLY E-MAIL OR FAX USING THE PHONE NUMBER OR ADDRESS  INDENTIFIED IN THIS COMMUNICATION  AND DESTROY OR DELETE ALL COPIES OF THIS COMMUNICATION AND ALL ATTACHMENTS.