4.1.D HIPAA/Privacy: General Rules - Safeguarding and Storing PHI Policy

  • POLICY:

    Lister Healthcare Corporation will reasonably safeguard protected health information from any intentional and unintentional use or disclosure in violation of the Lister Healthcare Corporation's privacy policies and procedures, the Privacy Rule, and other applicable privacy laws and regulations.  Reasonable safeguards must be taken to prevent disclosure of information beyond that which is minimally necessary and to prevent disclosure of information to persons who do not need the information to perform their job function. 

    PROCEDURE:

    Lister Healthcare Corporation will use the following safeguards for protecting the privacy of protected health information:

    • Administrative safeguards include, but are not limited to:
      • policies and procedures relating to the use and disclosure of PHI by members of LHC's workforce, other providers of healthcare services and business associates.
      • training and education on the privacy policies and procedures.
      • designation of workforce that identify the level of access to PHI that is necessary to perform their job function.
    • Technical safeguards include, but are not limited to:
      • use of computer log-in names and passwords to limit access to electronic records and other controls that give access based on degree of necessity.
      • maintenance of electronic storage, backup and destruction systems.
      • maintenance of all computer systems in compliance with security requirements applicable to PHI.
    • Physical safeguards include, but are not limited to:
      • locked medical record storage units.
      • environment that is secure from unauthorized individuals for areas where hard copies of PHI are used.
      • appropriate protection from fire or water damage.

    Revised 12/2013

  • Date Format: MM slash DD slash YYYY