Cone Health has a moral and legal responsibility to protect the confidential information of patients and employees. In compliance with its accrediting agencies, state and federal regulations, Cone Health requires that all affiliates providing care, treatment and services must protect confidentiality. Failure to do so could result in loss of ability to provide services, care or treatment, one to 10 years’ imprisonment, fines from $100,000 to $250,000, or all of the aforementioned as outlined by the Health Information Portability and Accountability Act (HIPAA). HIPAA requires that we keep Protected Health Information (PHI) secure (this includes oral, written, printed and electronic reports). All reports including electronic reports are not to leave the department. Patient names or other identifying information must be removed from papers prior to disposal (e.g., shredded, made unreadable with a heavy black marker or placed in assigned containers/ locations). Sometimes PHI is communicated without intent while performing other normal and permitted activities in our roles and is thus called incidental disclosures. These include semi-private rooms and telephone conversations with other departments, and cannot be prevented using reasonable measures such as a lowered voice. So how can you prevent violations? What do you do if there is a violation? Refer questions about a patient to the nurse. Don’t review charts of patients if you are not involved in their care. Prevent public view of information by closing walleroos and placing charts/records face down. Avoid discussing patients in public areas such as the cafeteria and always be aware of who can hear you. Clearly just state, “I can’t talk about it, it’s private” or “we are required to protect the confidentiality of our patients”. To report violations or if you have any questions about patient privacy, follow the chain of command. Unless a patient objects, we can share name, room number with anyone who comes to or calls Cone Health asking for the patient by name. The chart should always be reviewed for restrictions prior to giving out any information including the fact that the patient is in our facility. If the patient has requested restrictions and you are asked if they are in our facility, simply say, “We have no information about such patient.” Please talk with your preceptor, supervisor, or the patient’s nurse if you have any questions about what information can and cannot be shared. Violation of Cone Health policies regarding privacy and confidentiality or any other breach of confidentiality will result in immediate corrective action, up to and including termination as a Non- Cone Health Employed Individual providing care, treatment and services. You can report any concerns to the Compliance and Privacy Help Line (855-809-3042) or online at www.conehealth.ethicspoint.com. Both methods of communication can be anonymous if you choose and Cone Health has a policy of non-retaliation. PATIENT PRIVACY and CONFIDENTIALITY (Health Information Portability and Accountability Act, HIPAA) It is the intent of Cone Health to maintain sound, ethical standards in all that we do. Policies and procedures in support of these standards are in place throughout Cone Health. Compliance and Integrity policies and guidelines are available on Cone Connects, under Tools and Resources. Non- Cone Health Employed Individuals providing care, treatment and services at Cone Health are required to support those policies and guidelines. There is a Compliance and Privacy Help Line (855-809-3042) or you may report online at www.conehealth.ethicspoint.com if you have any concerns. Both methods of communication can be anonymous if you choose and Cone Health has a policy of non-retaliation. COMPLIANCE and INTEGRITY PROGRAM AFFILIATE ORIENTATION MANUAL 6