Protected Health Information (PHI) Policy
Purpose:
To establish a mechanism to protect the confidentiality of the individuality of individually identifiable
patient/member health and financial information (PHI) from any unauthorized intentional or unintentional use or
disclosure in accordance with the Privacy Standards adopted by the U.S. Department of Health and Human Services,
45 C.F.R. parts 160 and 164, subparts A and # (the “Privacy Rule”) and the Security Standards adopted by the U.S.
Department of Health and Human Services, 45 C.F.R. parts 160, 162, and 164, subpart C (the “Security Rule”).
Policy:
The ATC Health Science Program Instructors, Health Science students, and ATC affiliated
employees and agents are expected to treat all PHI in any form (paper, electronic, verbal, etc.) as confidential in
accordance with government regulations, professional ethics, legal requirements, and accreditation standards.
Definitions:
1. Individually Identifiable Information – Information, that when linked with health or medical information,
constitutes PHI. The following identifiers will be removed in order for the information to be de-identified:
a. Names of the individual and relatives, employers, or household members of the individual
b. Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code,
and their equivalent geocodes, except for the initial three digits of a zip code if:
1. The geographic unit formed by the combining all zip codes with the same first three numbers
contains more than 20,000; and
2. The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people
is changed to 000.
3. All elements of dates, except year, or dates directly related to an individual including birth date,
admission date, discharge date, date of death and all ages over 89 and all elements of dates
(including year) indicative of such age, except that such ages and elements may be aggregated
into a single category of age 90 or older;
4. Telephone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying number, characteristic, or code
2. Patient - Any individual who is receiving or registered to receive medical treatment.
3. Protected Health Information (PHI) - Any individually identifiable health or financial information, whether
verbal, written, electronic, or otherwise recorded in any form or medium that:
a. Is created or received by a Health Care Facility or one of its affiliated entities or one of their
employees, agents, or assigns,
b. Relates to the past, present, or future physical or mental health or condition of an individual; the
provision of health care to an individual, or the past, present, or future payment for the provision of
health care to an individual.
Requirements: Students will adhere to the following:
A. PHI will not be released without a complete and valid written consent or authorization signed by the patient,
parent, or legally authorized representative unless a release of the PHI is specifically allowed by State
and/or Federal law without a valid authorization.
B. PHI will not be divulged unless the patient, parent, or legally authorized representative has properly
consented to the release or the release is otherwise required or permitted by law and in accordance with the
Health Care Facility Policy – Use and Disclosure of Protected Health Information.
C. PHI will only be accessed and released in accordance to the Minimum Standard Necessary.
a. Students are only authorized to access those medical records or PHI for patients within the scope
of the learning environment.
b. Students are not authorized to access or release medical records or PHI belonging to their own
family, themselves, health care facility employees, friends, or neighbors.
D. Only the minimum necessary amount of information required by the requestor will be disclosed when a
release is appropriately authorized.
E. Appropriate steps will be taken to prevent unauthorized re-disclosures of PHI received from any source.
Confidentiality Statement: All students are required to sign the ATC Health Science Program Confidentiality
Statement before they can attend the hospital orientation.
Training: All students are required to be trained in regard to HIPAA, confidentiality, and PHI to the extent necessary
to carry out their assigned functions while participating in hospital rotations at the health care facility. This training
will be documented and retained in the student’s permanent file.
Training will occur in the following manor:
1.
2.
3.
4.
5.
Classroom lecture and discussion
Written assignments
Quizzes
Mandatory Hospital HIPAA Test – Pass 100% on the first attempt without modification or assistance.
Hospital Orientation
Sanctions: Unauthorized or improper access, use, and/or disclosure of PHI by a student will result in disciplinary
actions and permanent removal from Hospital Rotations. Other possible sanctions include civil fines and/or
penalties, criminal sanctions, and/or lawsuits and judgments against the student for civil damages.
Reporting: A student who believes they have observed a violation of HIPAA will report it to their Health Science
Instructor. There will not be any retaliation taken against the student for making such a report in good faith
Reference: 45 CFR, Subchapters 160 and 164, Federal Register Volume 65, No. 250, Issued 12/28/00
45 CFR, Subchapters 160, 162, and 164, Federal Register Volume 68, No. 34, Issued 12/20/03
Texas Health and Safety Code, Chapter 44, Subchapter D, 44.071 et seq
Texas Health and Safety Code, 241.151 et seq
Texas Mental Health Code Chapter 611
Texas Occupations Code Chapter 159
9/15
Denton ISD does not discriminate on the basis of race, religion, color, national origin, sex, or disability in providing education or providing access to benefits of
education services, activities and program, including vocation programs, in accordance with Title VI of the Civil Rights Act of 1964, as amended: Title IX of the
Educational Amendments of 1972; Section 504 of the Rehabilitation Act of 1973, as amended; and Title II of the Americans with Disabilities Act. Inquiries
regarding these policies should be directed to the Executive Director of Human Resources (940) 369-0000.
Agreement and Release of Liability for
Educational and Hospital Rotations Experience
I acknowledge and agree to the following guidelines:
1. It is understood that if the student becomes ill or injured while at the health care facility ,the facility will
provide immediate emergency treatment, however, the parent/guardian will accept responsibility for all
medical expenses incurred.
2. It is understood that the student must attend the mandatory hospital orientation on the designated day in
order to participate in hospital rotations. There will not be a make-up day for orientation.
3. It is understood that the student will not receive or accept monetary compensation, employee benefit, or
other type of remuneration for the learning experience during hospital rotations.
4. It is understood that it is the student’s responsibility to keep all PHI which they become privy to during their
learning experience confidential and shall not discuss it with anyone, except to the extent necessary to
complete their educational experience.
5. It is understood that the student will comply with all local, state, and/or federal laws, ordinances and/or
regulations that apply while participating in the learning experience at the hospital.
6. It is understood that the student must be up to date with their immunizations, provide current negative Tb
test, submit to the random drug screen administered by Texas Health Resources Employee Health, and
comply with the Health Care Facility’s Policies and Procedures.
7. It is understood that the student must be in satisfactory health and free of any communicable disease that
would create a health risk to any patient at the Health Care Facility in order to participate in hospital
rotations.
I do hereby hold the Advanced Technology Complex, Health Science Program and Instructors, Denton ISD along
with the Health Care Facility, its trustees, directors, officers, employees, agents, volunteers, patients, and medical
staff harmless from and against any and all liability for personal injury, sickness, disease, death, or damage to
property that results from my direct or indirect participation in the educational experience at the Health Care Facility.
This is a legal release of liability form. I have read this form carefully and have had all questions answered before
signing.
_____________________________________________________
Print Student Name
______________________________
Student Date of Birth
_____________________________________________________
Student address
______________________________
Student ID #
_____________________________________________________
Signature of Student
______________________________
Date
_____________________________________________________
Parent/ Guardian Signature
______________________________
Date
9/15
Student Confidentiality Agreement and Acknowledgement
As a student receiving training, it is understood that I must keep confidential all information about a patient’s identity,
health, and/or finances (also known as PHI – Protected Health Information) that I may hear, see, or read through my
learning experience during my hospital rotation at the Health Care Facility.
I agree to keep this confidence forever, even after I am no longer assigned to the Health Care Facility or in the Health
Science Program.
I understand that legal action may be taken against me if I:
1. Have , use, copy, or read PHI which is outside the scope of my assigned duties
2. Give or allow access to any PHI which is not authorized or otherwise allowed by law
In addition, I understand there are Federal and State laws in regard to confidentiality of PHI and that if I do not follow
the above requirements, it could result in the following:
1. Civil fines, penalties and/or criminal sanctions against me and/or the Health Care Facility along with the
Denton ISD and Health Science Program and Instructors.
2. Civil lawsuit and judgment against me personally and/or the Health Care Facility along with the Denton
ISD and Health Science Program and Instructors.
I understand that if I do not follow these legal requirements, it will result in disciplinary actions against me up to and
including termination of privileges to continue participating in hospital rotations and continuing in the Health Science
Program.
We have read and discussed the above information. It is understood the consequences and legal implications for the
student’s non-compliance.
_____________________________________________________
Print Student Name
_______________________
Student ID#
_____________________________________________________
Student Signature
_______________________
Date
_____________________________________________________
Print Parent/Guardian Name
_____________________________________________________
Parent/Guardian Signature
________________________
Date
9/15