You wouldn’t want your Protected Health Information (PHI) strewn all over campus, readily available online, or being talked about in elevators, would you? Research subjects feel the same way about their PHI, which they agree to share when they sign up for certain types of research.
Here are some reminders about safeguarding PHI in the research context:
- Don’t access any PHI that’s not necessary for the research, and don’t discuss private information in public areas.
- Don’t take PHI with you if you leave UAMS. In fact, it’s best to not take it off campus even for a short time, if avoidable. There are physical safeguards in place on campus that aren’t available elsewhere.
- Any mobile device you use to store PHI research data must be encrypted. Contact the UAMS IT department for guidance on which devices are encrypted.
- Never, ever use publicly available cloud storage services such as Dropbox, Google Docs, or iCloud to store or transmit ePHI. UAMS BOX is one data storage option — click on this link to find out more about it.
- Don’t leave any mobile device — encrypted or not — unattended in accessible places such as a car, office, or some public place. Any lost or stolen device that either provide access to UAMS resources or contain UAMS information must be reported to the UAMS Technical Support Center.
Remember that the loss or theft of an encrypted device, such as an encrypted thumb drive, is not a breach under the HIPAA regs. However, the loss of an unencrypted device, is a HIPAA violation and potential breach, which can lead to some significant problems and fines. So remember that taking steps up front to properly access and maintain research-related PHI can prevent some really big headaches later.