10 Health Insurance Portability and Accountability Act (HIPAA)
HIPAA: Patient Privacy Standards
Confidentiality of patient information is an ethical standard that must be maintained by the student during the course of the student’s education.
Students are expected to protect patient information by following HIPAA guidelines and all additional hospital guidelines related to patient information security. HIPAA guidelines must be followed when using personal social media. Students will refrain from discussing any clinical experiences via Facebook, Twitter, text, etc.
Students are expected to complete annual training and education in HIPAA and Mobile Device security as part of their compliance requirements. These training certificates are saved in the student’s file and updated each year.
https://compliance.iu.edu/compliance-areas/hipaa/training.html
In addition to the annual HIPAA training, students are required to sign a form prior to starting clinical courses, which confirms their understanding that they are not to discuss patient/hospital information (even if it is not a patient they x-rayed) at any time through social media and that doing so is a HIPAA violation and grounds for immediate program dismissal.
Students may not access patient information or examinations unless the information is needed for educational purposes. Students requiring patient information or examination images are to respect the privacy of the patient and remove patient names from such information and images. Additionally, patient ID numbers are to be removed from all images and information unless the faculty member specifically indicates that numbers are to remain.
Students are to refrain from discussing patients and patient information except as related to their education.
Please refer to Indiana University’s Health Sciences Compliance Plan for detailed information regarding the Health Sciences Compliance Policy. https://compliance.iu.edu/compliance-areas/hipaa/training.html
Violations of Patient Privacy
Students who fail to comply with the patient privacy policy will be disciplined on an individual basis. Action may include reprimand, probation, removal from a specific hospital, and course failure and/or program dismissal depending on the severity of the situation.