Print this page

/Institutions/University-of-Maryland-School-of-Dentistry/json/Clinic-Manual/Dental-Hygiene-Program-local.json

/Institutions/University-of-Maryland-School-of-Dentistry/json/Clinic-Manual/Dental-Hygiene-Program.json

Confidentiality of Patient Information

I. Policy Statement

It shall be the policy of the University of Maryland, School of Dentistry that all information regarding care of the individual patient

II. Policy Purpose

The purpose of this policy is to protect the patient, the clinical team, and the University of Maryland, School of Dentistry from inappropriate dissemination of information

III. Definitions

Aggregate Data: A collection of patient care or clinical information which does not reveal the identity of individual patients.

Central Repository of Patient Information: A physical archive or storage area where one or more of the several components of patient information are permanently maintained. E.g. Axium, Dolphin Imaging and Romexis.

Clinical Staff: Attending, courtesy, honorary, and visiting physicians, house officers and fellows, special purpose trainee staff members and nurses having practice privileges for the diagnosis and treatment of patients at the University of Maryland, School of Dentistry clinics.

Confidential Information: Any individually identifiable health information received, used or accessed by personnel of the School of Dentistry or its affiliated entities must be treated as protected and confidential.

Data Steward: Individual or department having access to patient information and having capability of providing for storage or transfer of patient information subject to this policy.

Due Care: That degree of care which other prudent, competent, persons providing patient services would exercise in similar circumstances.

Inappropriate Dissemination: Seeking access to and/or disclosing confidential information, regardless of intent, in verbal, written or electronic form:

• To individuals not involved in the care, treatment or clinical operations of that the University of Maryland Dental School patient; or
• To individuals who are involved with or know the patient but have no need to know the information; or
• In a setting where that information could be overheard by individuals who have no need to know (e.g., in elevators, lobbies, waiting rooms, hallways, dining rooms, etc.); or
• In a setting where information can be read or transferred from an unattended computer monitor; or
• Through sharing another person's electronic password.

Need to Know: Necessary to fulfill the mission or charge of the University of Maryland, School of Dentistry and its clinical staff, employees, trainees, students, volunteers, or vendors to provide quality patient care, education and research.

Patient Information: All information, data and/or knowledge relating to the care of a the University of Maryland, School of Dentistry sites and Health Centers patients, including but not limited to:

• The medical record, including data recorded on paper, on microfilm, or in a computer data base; or
• Pictorial, graphic, or multimedia representations (e.g. photographs, x-ray films ECG tracings, videotape); or
• Tissue specimens obtained for histological examination; or
• Administrative data, such as the data included in the University of Maryland School of Dentistry clinic management system; or
• Business or Financial Records.

Personnel: Any faculty, staff, students, and visitors of the School of Dentistry.

Trainee: Any individual involved, directly or indirectly, in the provision of patient care, one aspect of which is to further that individual’s knowledge; includes house officers, dentistry students, nursing students, and other health care professions students. A trainee may or may not receive financial compensation from the University of Maryland, School of Dentistry.

Vendor: Any individual or organization that sells or otherwise provides a good or service to the University of Maryland, School of Dentistry.

Volunteer: Any individual providing a service to the University of Maryland, School of Dentistry, coordinated through the Director of Volunteers in each corporate area, who receives no financial compensation from the University of Maryland, School of Dentistry for that service.

IV. Policy Standards

1. In order to ensure confidentiality, patient information collected and/or generated within the University of Maryland, School of Dentistry shall be maintained in such a manner
2. It shall be the responsibility of management in each department to determine what information its members need access to in order to complete their job functions. Viewing
3. It shall be the responsibility of management staff in each department in conjunction with the HIPAA Officer and/or Security Officer
4. It shall be the responsibility of respective data stewards in conjunction with the HIPAA Officer and/or Security Officer
5. In order to help ensure that only those employees with a need to know patient identifiable information are granted access to such information, data stewards will, on an annual basis,
6. Hard copy printouts and patient-identifiable electronic data will be stored in a secure area and maintained in a confidential manner as is currently required of paper medical records.
7. Every clinical staff member, employee, trainee, student, vendor, and volunteer at the University of Maryland, School of Dentistry shall be responsible for maintaining confidentiality of all information entrusted to them. All personnel of the School of Dentistry is expected to exercise due care in any discussion or use of patient information.
8. Every clinical staff member, faculty, trainee, student, vendor, and volunteer at the University of Maryland, School of Dentistry shall be responsible for taking annual HIPAA training and passing the HIPAA quiz in order to have access to clinical systems.
9. The University of Maryland, School of Dentistry characterizes as unethical and unacceptable any activity through which an individual:
   1. Voluntarily allows or participates in inappropriate dissemination of confidential patient information; or
   2. Interferes with the intended use of the information resources; or
   3. Without authorization, destroys, alters,
   4. Without authorization invades the privacy of individuals or entities
10. Infractions of this confidentiality policy shall be subject to the disciplinary action
11. Requests for access to patient identifiable data needed for research purposes must be accompanied by IRB approval.
12. Communication regarding confidentiality policies and monitoring of these policies for clinical staff shall be channeled through the Clinical Affairs Office or the Office of Information Technology.