Privacy Frequently Asked Questions
What is the Health Insurance Portability and Accountability Act (HIPAA)?
A federal law intended to protect the privacy and security of patient health information, both medical and dental, that is created or maintained by healthcare providers.
What is Protected Health Information (PHI)?
Any type of individually identifiable health information, whether electronically maintained, electronically transmitted, or in any other format (e.g., discussed orally, on paper or other media, photographed, or otherwise duplicated).
How do I report a privacy concern?
What do I do if I see a fax that was received in error?
Misdirected faxes may expose patient and other confidential information to individuals who are not authorized to see that information.
- Notify the sender and return the fax if requested
- Contact the UConn Health Privacy Office
- Shred the original fax
May I use my EPIC work access to view my own medical record?
No, you must use your work access for work-related purposes only. You may use MyChart to access your own medical records. MyChart is UConn Health’s online patient portal.
My coworker is on medical leave, and I want to send her a card. Can I look up her address in EPIC?
No. You must not access or view anyone’s medical record unless you have a job-related reason to do so. Accessing an employee’s medical record to get their address, telephone number, birthday, or any other information is not appropriate unless doing so is required for your job.
My spouse asked me to look up their lab results. Am I allowed to do so in EPIC?
No. You may only use your work access to view the medical records of a family member (or other individual) when necessary to do your job. This is true even if the family member or other person gives you permission. In this case, viewing your spouse’s lab results is not job-related and therefore is prohibited. Your spouse can access their own lab results using MyChart, and you can too if you have been designated as a MyChart proxy for your spouse.
I need to know my child’s next doctor’s appointment. Can I look it up using my EPIC work access?
No, you are not permitted to use EPIC work access for tasks that are not required as part of your job. However, you may use MyChart to look up your minor child’s appointment.
What is snooping?
Snooping means intentionally accessing patient records without a legitimate work-related reason. Snooping is prohibited by law and UConn Health policies and procedures, regardless of whether it is malicious, well-intended, or out of curiosity. Employees who snoop or otherwise violate UConn Health privacy or information security policies are subject to disciplinary action, up to and including termination.
What does “minimum necessary” mean?
The HIPAA Privacy Rule and UConn Health policies generally require that we access, use, and disclose only the minimum amount of protected health information (PHI) necessary to complete a work-related duty, and that we do so only when the PHI is needed for that specific task. For example:
- If your job requires access to a patient’s demographic information, it would not be appropriate and would violate the “minimum necessary” standard to also access detailed clinical information in the patient’s record.
Can I post about patients on social media?
No. The HIPAA Privacy Rule prohibits the use of PHI on social media without patient Authorization. This includes posts about specific patients, in addition to images or videos that may result in a patient being identified. Some examples of potential HIPAA violations using social media include:
- Sharing workplace frustrations online without the patient’s name, but with enough other details that the patient can easily be identified
- Disclosing PHI in response to negative comments posted online
- Posting photographs or images taken from inside a healthcare facility where a patient or PHI is visible
How can I protect patient privacy while working from home?
Safeguard protected health information (PHI) at home just as you would if working on campus.
- Make sure PHI is not visible to others.
- Make sure that family members and others are not able to read or access your computer.
- Conduct phone calls in an area where PHI cannot be overheard.
- Be mindful on video calls: Is PHI visible to people on the call? To people in your home?
- As always, do not discuss PHI with others in your home.
What is FairWarning?
FairWarning is a privacy monitoring technology that analyzes EPIC user activity to detect potentially inappropriate access to patient information and other privacy violations. Any potentially inappropriate activity that is detected is reviewed and investigated, as necessary. UConn Health uses FairWarning to monitor for possible privacy violations, such as coworker snooping.