RubinBrown Team Member Manual

POLICY CONTINUED Policy Title: Policy Number:

Section: Protected Health Information Privacy and Security Including Release of PH 1203 Risk Management

If PHI is used or maintained off the client’s premises the information must be kept private and secure as follows:

• PHI should not be left in open work areas when the information is not being used • PHI should only be shared with team members that need to work with this information • PHI should be kept in file cabinets or drawers when not in use to limit its exposure • If being transported to or from the client work site, PHI:

1. Should be kept locked in the trunk or back of a car, 2. Should never be left in a car overnight, 3. Should never be in checked luggage,

4. Should be taken off of a team member’s hard drive as soon as reasonable 5. Should not be viewed or worked with in public areas including public transportation

PHI in electronic form should be in compliance with the security standards established by RubinBrown policies and procedures related to all secure and private client information including password protection, virus protection, back up and disaster plans, and user identification. PHI being discussed verbally either with the client or other engagement team members, should be done in an office or conference room with closed doors. If discussions are with the client or engagement team member on the phone, every effort should be made to do so in an office or conference room with the door closed or in a work area that limits others from hearing the conversation.

RUBINBROWN TEAM MEMBER MANUAL | 110