Employee Handbook

14.31 Computer Terminals and Workstations

14.31.1 Policy Statement

Computer terminals and workstations will be positioned/shielded to ensure that protected health information (PHI) is protected from public view, view by those without a need to know whether inadvertent or otherwise, or unauthorized access.

14.31.2 Policy Interpretation and Implementation

Positioning/Shielding Workstation/Terminals

Insofar as practical/feasible, computer terminals/workstations shall be positioned or shielded so that screens are not visible to the public and/or to unauthorized staff.

 

 

Access Limitations

Only authorized users are granted access to individual and Health Plan information. Such access is limited to specific, denied, documented and approved applications and level of access rights.

 

 

Leaving Workstations or Terminals Unattended

A user may not leave his/her workstation or terminal unattended for long periods of time (e.g., breaks, lunch, meetings, etc.) unless the terminal screen is cleared and the user is logged off. Each user must log off at the end of his/her work shift.

 

 

Clearing Terminal Screens

A user must clear the terminal screen if the workstation or terminal is left briefly unattended.

 

 

Securing Hard Copy Data

All hard copy printed information must be positioned in such a manner that it cannot be viewed or read by the public and/or unauthorized staff. Such data must be placed in designated secure areas upon leaving the work area and at the end of the work shift.

 

 

Sharing/Piggyback of Password/User ID Code

A user may not (1) share or disclose his/her password or ID code with other staff members or other non-staff members, or (2) allow staff members or other non-staff members access privileges (e.g., piggyback access) while the user is logged onto the information system used by the Health Plan.

 

 

Record Retention

A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.

 

 

Privacy Officer

The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the HIPAA Privacy Officer during regular business office hours Monday through Friday, except holidays at (651) 696-6280.

 

 

Violations

Violations of this policy will be subject to discipline.