HIPAA and Technologies

Use of Technologies: Ensuring Compliance

During the conduct of research, outreach, and teaching, SPH faculty members, staff members, and students utilize a variety of technologies. A critical element of compliance is ensuring that confidential and protected health information is secure and protected regardless of the type of technology used. The following is a summary of technologies and the appropriate protections to ensure data is secure. Data security includes not only technological safeguards (e.g., encryption, passwords) but also physical safeguards (e.g., locked offices, locked filing cabinets).

Computers: Computers should be password protected and encrypted.
Laptops: Laptops should be encrypted.
Databases: Cloud computing and storing of PHI or other confidential information on non-TAMUS secure servers is discouraged. The external sites cannot guarantee the data is secure. 
Tablets: Tablets should not be used to access/store PHI.
Fax/Copiers/Printers: PHI should not be transmitted using a fax machine. In the event confidential or sensitive information must be faxed, a cover sheet should be used, and the recipient and sender should ensure they are able to promptly retrieve confidential documents from the fax machine, copier, or printer and not leave the information unattended.
Offices: Appropriate best practices for physical access should be implemented to prevent a confidentiality breach. Confidential data should be stored in a locked drawer and should not be left unattended.