Question: We're an academic medical center and we must routinely teach our medical students and trainees about HIPAA's privacy rule and how they must safeguard PHI. What do you think is the most important piece of information to impart to students about HIPAA who are just being introduced to patient privacy? Answer: "The thing we were most concerned about was students taking PHI from a training setting and disclosing it back in a classroom," says Rebecca Hutton, privacy officer at the University of Wisconsin - Madison. "That's what we were trying to emphasize the most -- that [students] could not use identifiable information except in the training setting."
New York Subscriber
Hutton says sometimes students would bring protected health information back from a training site and disclose it among classmates for, say, a class presentation. So, informing students of their responsibilities with PHI was of grave concern to her and other professionals at UW.
Additionally, Hutton tells Eli that students often have trouble de-identifying PHI. "If you look at what you have to do to de-identify PHI under HIPAA, not all of that is really intuitive and identifiers can easily slip out in a conversation."
Tip: Make sure you provide your trainees with a list of the 18 identifiers that make up an individual's PHI. You can download the list at www.hhs.gov/ocr/combinedrules.pdf on pp. 29-30.