- Use private areas to discuss patient information, if possible.
- Keep the volume of your voice lowered when having conversations concerning patients in non-private areas. If you overhear a conversation concerning a patient, keep it to yourself.
- When papers containing patient information are no longer needed or required, either shred them or place them in a secure shredding bin. DO NOT dispose of paper PHI in a waste basket.
- Before talking with a patient’s family members or friends about a patient’s condition, it is best practice to check with the patient first.
- Before releasing patient information by phone, verify the caller’s identity – even if it is the patient calling. If it is not the patient, then verify that person’s identity and authority to have the information, or ask that the patient call instead.
- Only access/use patient information when needed to perform your specific job duties.
- Log off your computer or “lock” your workstation using Ctrl/Alt/Del when you will be away from your work area so that patient health information cannot be viewed or accessed in your absence.
- Do not share your password with anyone or leave it where someone might see it. Never use the login credentials of another user.
- Check to make sure the encounter is not marked private before releasing any information. If it is marked private, simply tell the visitor or caller you have no information about the patient. Do not share that the patient is here at UAMS or the patient’s room number.
- Be careful not to leave patient information at copy machines, fax machines, printers or in conference rooms.
- When faxing information internally or externally, use an “official” UAMS coversheet and confirm the recipient’s fax number and receipt of the fax.
- Do not post patient information on social media sites (Facebook, Twitter, GroupMe, Snapchat).
- When emailing patient information to a non-UAMS email address, type [secure] in brackets in the subject line. This will make it secure and encrypted. Limit the information to the minimum necessary to accomplish the intended purpose.
- Emails sent from a UAMS email address to another UAMS email address are automatically encrypted and secure.
- Store patient information only on mobile devices (thumb drives and laptops) that are encrypted.
- Use privacy screens on computer monitors, or turn or position the monitor so that it cannot be viewed by unauthorized persons passing by.
- Do not leave messages concerning a patient’s condition or test results on any answering machine.
- Protect yourself against phishing attacks. Be cautious of emails that request sensitive information (your login credentials, SSN or bank account number). Be suspicious of emails that appear to be from someone at UAMS who does not normally email you. Be suspicious of emails instructing you to open an attachment or click on a hyperlink. Report suspected phishing attacks to the UAMS IT Technical Support Center at 501-686-8555 or through the IT self-service portal at itss.uams.edu.