Hide and seek -- a weekly HIPAA message

December 10, 2002

picture disc.HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. You will be receiving weekly messages to help you understand the topic and how it impacts your job. Today's HIPAA message addresses passwords.

Questions:

1. Is it OK to hide your password under your mouse pad, keyboard tray or in another unsecured area?

2. What should you do if a well-known staff physician says he has lost his password but needs immediate access to his patient's lab results and asks you to look up that patient's records for him?

Answers:

1. No. Passwords "hidden" this way can be easily found. You must take reasonable care to protect your password. Your password should be appropriately secured in areas such as in locked desk drawers or in other secure personal belongings. If you feel that this has been compromised in any way, you should change it and contact Information Technology Services (ITS) as soon as possible.

2. In the interest of patient care, you may look up the patient's records. But you should let the physician know that he should contact the ITS Helpdesk to have his password restored.

picture disc.

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.