CENTER FOR EYE CARE

 

CONFIDENTIALITY AND PRIVACY POLICY

 

The purpose of this policy is to protect a patient's right to confidentiality and privacy.  Patient information will be regarded as confidential and will be available only to authorized users for approved purposes. Every attending, staff, student, volunteer or contractor will use only the minimum amount of confidential patient information to accomplish their assigned duties. Access to confidential information is only permitted for direct patient care, billing, or administrative hospital operations (such as utilization review, quality assurance, or compliance auditing), and may also include approved administrative / supervisory functions, or with Institutional Review Board approval.

 

Confidential information obtained either during assigned duties or by accident shall not be released to any person or institution except in accordance with Center for Eye Care policy and applicable federal and state laws. No Center attending, staff, student, volunteer, vendor, or contractor shall seek access to confidential information out of curiosity, for malicious purposes, or for financial gain.  Discussion or consultation involving a patient’s care of confidential information should be conducted in private. Individuals not directly involved in the patient’s care should not be present without the patient's permission.

 

Policy Elements:

 

1.    Discuss patient information with authorized personnel only and only in a private location where unauthorized persons cannot overhear.

 

2.    Keep medical records secure and unavailable to persons not involved with the patient’s care.

 

3.    Follow specified procedures for use of electronic information systems, including use of individual passwords, logging off when finished, proper data entry techniques, and protection of displayed or printed information from unauthorized users.

 

4.    Omit the patient's name and other unique identification when using case reports for educational purposes.

 

            5.   Verify with the patient what information may be given to the patient's family and friends with the patient’s knowledge and permission.

 

6.    Screen requests for access to all patient information so that those items that are minimally necessary are made available only to those persons who are legitimately involved in patient care, billing or administrative Center operations.

 

            7.   Release patient medical records to external sources only upon receipt of written authorization from the patient.

 

8.  Use appropriate information security procedures for users of electronic information systems