Privacy Policy

Policy

The Sharon Health Care System is committed to protecting patient privacy. The purpose of this Protecting Patient Privacy Policy is to inform all System Workforce of the appropriate standard of conduct for safeguarding the privacy and confidentiality of PHI and PI. This policy is designed to comply with the HIPAA Privacy Regulations.

Scope

This policy applies to all employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a Sharon covered entity, is under the direct control of such entity, whether or not they are paid by the System (“Workforce”). This policy applies to all entities owned, controlled or operated by the Sharon Health Care System that are Covered Entities and Business Associates.

Definitions

Personal Information (PI): Generally, an individual’s first name or initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security Number; (b) driver’s license number or state-issued identification card number; or (c) financial account numbers, passwords and access codes. Specific state law definitions may vary.

Protected Health Information (PHI): Information, including genetic information, that identifies an individual and concerns 1) the past, present, or future physical or mental health, or condition of an individual; 2) provision of health care to an individual; or 3) payment for the provision of health care to an individual, unless that individual has been deceased for more than 50 years.

Information identifies an individual if it includes the individual’s name or any other information that, taken together or used with other information, could allow someone to determine the individual’s identity, such as:

  1. Name
  2. A geographic subdivision smaller than a state (including street address, town, zip code, county)
  3. An element of a date other than a year (including dates such as birth dates, admission dates, discharge dates, date of death, all ages over 89 and all elements of dates (including year) indicative of age, except that such ages and elements may be aggregated into a single category of age 90 or older)
  4. Telephone number
  5. Fax Number
  6. E-mail address
  7. Social Security number
  8. Medical Record number
  9. Health plan beneficiary number
  10. Account numbers including driver’s license numbers, bank account numbers, credit card numbers
  11. Certificate/License numbers
  12. Vehicle identifiers and serial number, including license plate number
  13. Device identification or serial number
  14. Web URL
  15. Internet IP address
  16. Biometric identifier
  17. Full face photographs or comparable image
  18. Any other unique number, characteristic or code

Procedure

A. General Requirement

  1. When using or disclosing PHI or PI, Workforce are required to take steps to protect the confidentiality of such information in accordance with the requirements of this policy and with the Sharon Health Care Notice of Privacy Practices.

B. Using PHI or PI within Sharon Health Care

  1. Workforce may use PHI and PI only as minimally necessary to perform their job duties.
  2. Workforce may never use PHI or PI for personal purposes.
  3. Workforce may not discuss PHI or PI with other people except as necessary to perform their job duties.
  4. Workforce is prohibited from discussing PHI or PI in public areas such as reception areas, elevators, elevator lobbies and public hallways where they could be overheard.