2019 PrivacyTraining

General Overview

  • All employees must read and attest to their understanding of all security policies and procedures on The Guard by Sept 30, 2019


  • Paper copies of the privacy policies may be found in the Policies and Procedures binder behind Vicki's desk


  • The Privacy Officers for the Eye Center are Vicki Grimsley and Cindy Holt.


  • Patient information of any nature is confidential. This includes information from or about medical records, test results, appointments, and referrals. Even a patient’s presence at our medical practice offices should not be disclosed.


  • Staff must not discuss patient information with anyone who is not involved in the patient’s care and entitled to receive such information. Do not discuss patient information with your family members, friends, in social conversations, etc. Such breaches of privacy may subject employees to disciplinary action, including termination.


  • When in doubt, do not disclose patient information until you ask your supervisor or the Privacy Officer for clarification.


  • As a general rule, patient information may be disclosed when specifically authorized by the patient; when it is necessary for purposes of treatment, payment, or health operations, or when required by law. There are rules that apply to each of these types of disclosures, discussed in more detail in the Eye Center of Central Georgia’s Privacy Policies.


  • Be aware of confidentiality when answering patient questions, providing test results, making appointments, making referrals, checking insurance eligibility, obtaining prior approvals, etc.


  • As a general rule, an adult patient’s information cannot be released to a patient’s spouse or other family member without the patient’s authorization. For example, if a patient’s husband calls asking for the results of his wife’s pregnancy test, our policy is to tell him that “we are sorry, but we cannot release information without the patient’s specific written authorization.”


  • Patient information regarding an adult child should not be disclosed to a parent without the patient’s authorization.


  • For minors, patient information cannot be released to third parties without the consent of the patient’s parent or legal guardian.


  • Employees should not allow medical information on computer monitors to be visible to patients.


  • Backups of electronic health records will be maintained on a secure server off-site.  Backups of the visual field data will be maintained on a USB drive and kept off-site by the Privacy Officer or his/her designate.


  • Do not disclose your passwords to anyone, including other employees. Passwords will be assigned by the IT Team, changed at appropriate intervals, re-issued when there is a concern that passwords are not secure, and revoked when an employee leaves the practice.


  • Keep patient charts, encounter forms, and other documents face down. Never leave such documents where unauthorized persons can see or take them.


  • Dispose of any written material that may contain protected health information in a locked shred bin.


  • Place medical records, test results, and other information in boxes outside exam room doors so that they face the wall.


  • Speak softly to others in person or over the phone.


  • Try to avoid stating the patient’s name whenever possible.


  • The fact that an individual is a patient at the Eye Center of Central Georgia is confidential information.


  • Whenever possible, speak to patients about their medical information in private offices and exam rooms.


  • Do not discuss the patient’s condition, reason for the visit, and other details in the waiting area or in front of those not involved in their care.


  • When making an appointment, ask the patient where they may be reached to confirm the appointment, ask questions, or for other purposes.


  • If you call the patient to confirm an appointment, provide test results, etc. and the patient is unavailable, simply leave a message for them to call you back.  If you get an answering machine or voicemail, leave a message with your name and phone number, asking them to call you back.


  • Unless you are sure we have the patient’s written permission to release information, do not do so.


  • Unless you have the need to know, do not ask patients why they are here, what problems they are having, and the like.


  • If you pull medical records, file information, etc., do not read any more information than necessary to complete the task at hand. For example, if you are asked to pull a patient’s chart, you do not need any more information from the chart than the patient’s name and account number.  If you are asked to find certain information in the chart, do not read any more information than necessary.


  • Information about employees that receive care will be considered confidential just as if they were a patient who is not employed by the Eye Center of Central Georgia.


  • When you see patients outside the office, do not ask specific questions from your knowledge of their patient information unless you can do so privately and it is appropriate.Patient information should never be discussed or otherwise provided in public or other areas where unauthorized persons could obtain protected information.