Keeping You Informed on HIPAA

Health Insurance Portability and Accountability Act (HIPAA)

Treating patient's privacy and confidentiality is of the utmost importance to San Luis Valley Health.  HIPAA was enacted, in part, to ensure proper safeguards were in place to protect this vital information for patients.  Below, we are offering an outline of the practices that San Luis Valley Health employees to ensure compliance with HIPAA.

HIPAA SECURITY

• Requires facility to safeguard electronic PHI (EPHI) by creating and enforcing policies regarding data access, distribution, communication, and breaches.

• Also requires a facility to safeguard employees, EPHI and the building infrastructure from risks of natural disasters and personal threats.

• If you walk away from your workstation or another one that contains PHI, be sure to lock the computer (i.e., CNTLALT-Delete – select Lock or press the Start & L Keys).

• Be sure to never share your login or passwords with anyone.

• Use of a mobile device(s) to maintain PHI – consult with IT for permission and supervisor for user guidelines.

• Employees should approach unescorted visitors and report questionable encounters.

• The facility’s computer systems should never be used for unauthorized personal use or to access, download, transmit or distribute threatening, false, or obscene materials.

• Employees are responsible for safeguarding EPHI and being knowledgeable of the facility’s HIPAA security policies and procedures. For example: properly transmitting and/or storing information via your computer.

• Unauthorized use includes accessing your “own” PHI or EPHL You should facilitate changes to or inquiries about your account information like you would any other external entity you do business with. Employees found accessing or altering their own information will be disciplined.

REGULATORY COMPLIANCE

Concerns about violations of a HIPAA policy should be directed to your direct supervisor or the following members of the HIPAA Committee: Terri Salazar, Privacy Officer, Chuck Laufle, Security Officer, Mandy Crockett, Director of Human Resources. Disciplinary action will never be taken towards an employee for filing a report in good faith, even if the report turns out to be wrong.

Individuals found guilty of compliance and/or HIPAA fraud and abuse may face substantial fines and penalties.