HIPAA gives individuals rights and protection of personal health care information. The consequences of allowing others who should not have access to see this personal information can be severe for you and your organization, even if this happens by accident.

Under HIPAA, protected health information (PHI) is individually identifiable health information that is oral, electronic, or on paper and relates to an individual’s past, present or future physical or mental health, healthcare provided to an individual and the past, present, or future payment for health care that identifies an individual

A “breach” is any unallowable use or disclosure of PHI that compromises the security or privacy of the PHI. No matter how small a violation may seem, it can still result in fines and a damaged reputation.

Report concerns to HIPAA Privacy Officer: Benita Johnson, 903-234-4220 or 903-736-3350.

Common PHI identifiers include: Name, street address, city, county, zip code, all dates except for the year related to the person including birth date, admission date, and discharge date, date of death, telephone number, fax number, email address, social security number, account number and insurance number.

• Take a picture of individuals served and post it to social media.

• Text your friend that you can’t believe who you just saw.

• Tweet about the encounter even if you don’t post a photo.

Organizational policies and procedures address the privacy, security and integrity of Health Information and intentional destruction of health information. Only staff who are designated can remove health information.