Policy Manual sample

MDT Home Health Care Agency, Inc. PROTECTION OF DATA IN THE MANAGEMENT INFORMATION SYSTEM PURPOSE: To formulate and implement procedures for processing, storing, and discarding patient data and identified agency data in the agency computer system in order to protect the data against unauthorized use. POLICY: · Utilization or the agency’s Information System gives the employee access to confidential communications, information, and records regarding patients, employees and the organization. The Information System is not to be used for employee’s personal purposes. · Agency employees will utilize only those Information System functions that are necessary to complete work assignments. It is the policy of this agency that all employees will keep confidential all communications, information, and records within their work area Confidential communications, information, and records shall include, but are not limited to, the following: Patient demographic, financial, and account status information. Patient diagnosis, care plan, visit reports, and any other communication information, and records regarding the medical care program, Information System programs and applications, Information System access operator codes and passwords. Electronic PHI must be protected by password, encoding process, encryption, security backup maintained in secured protected area, under the responsibility of the Administrator or Designee. PROCEDURE: Unauthorized access and/or disclosure of confidential communications, information, and records by an employee is considered a serious violation of appropriate conduct. In the event that such a violation is revealed, disciplinary action will be taken against the employee (as detailed by agency Personnel Policy). Employees will be sign a System Access Request and Password Confidentiality Statement form to request access to the agency Information System. Forms should be submitted to the Administrator for approval and then maintained in the personnel record. Employees will be assigned an Information System operator code, password, and appropriate program access by the Alternate Administrator as necessary to complete work assignments. · Administrative staff in the Business Office will have access to information that directly pertains to their job. · Clinical staff will have access to the Master Patient File, to orders/485s, and clinical notes as applicable. The Master Patient File contains patient demographic and billing data. · The Alternate Administrator, the Director of Nursing, Clinical Manager, and the Manager of QI will have access to the entire Information System. · The Clinical Managers and Clinical Care Coordinators will have access to clinical information and selected management reports. Home Health Agency Policies A-111