If you find patient information in the recycle bin please remove the items and notify the Office of Compliance Services – Privacy at x48638. Discarding patient information into a recycle bin is the same as throwing patient information into any waste bin or receptacle and it may result in a privacy violation.
Discard the items per your protocol; however, no labels with PHI should be placed into a trash can. IV bags that get thrown into the trash should have the labels peeled off and thrown into the confidential bin on your unit.
Yes. A limited number of Floppy disks and/or CD-ROMS may be disposed in a designated locked shredding container. However, if you have a large quantity, please contact the UCLA EVS Department for assistance.
If you or your area is supported by the UCLA Health System MITS Department contact the MITS Help Desk at 4-4357 (4-HELP).
If you are part of the David Geffen School of Medicine, contact your Computer Support Coordinator for assistance.
It is important to properly delete/erase the materials from the computer before disposing or redeploying it. Any sensitive information (i.e. medical, research, financial, educational) should be removed from the computer to prevent it from being disclosed to an unauthorized user or 3rd party.
If you find this information in a conference room or a clinical area, please ask around to see who might be the “owner” of the documents. If you cannot find the owner, please keep the documents and contact the Office of Compliance Services – Privacy at x48638.
When you have visitors, such as IT personnel, maintenance workers, or third party vendors, to your office or workspace, you should flip pages over so PHI is not exposed, cover items with a blank sheet of paper, or place the documents in a drawer or cabinet.
A protective cover should be used to prevent information being seen or items falling off the cart. The uneven streets and sidewalks create risk for a cart tipping over. A cover keeps the items contained and less likely to blow down the street. Contact your supervisor for assistance with purchasing the protective covers.
It is not recommended. Passwords that are written down can be easily stolen. While receiving a new password you may wish to write down your password until you have a chance to memorize it. If you do this, you should take extreme care not to lose the paper you have written it on. You should destroy the paper (e.g. shred it) once you have learned the password.
It is recommended that you store them in a secure location such as a locked drawer or cabinet. The important thing to remember is not to record them in your rolodex, post them on your computer monitor, or place it under your computer keyboard. Another suggestion is to maintain them in a personal digital assistant (i.e. Blackberry) which is password protected and/or encrypted.
Yes. Please remember to log-off your computer when you are finished with your session. This especially applies to situations where many individuals use the same computers (i.e. inpatient floors, physician workrooms, outpatient clinic) or if you work at a dedicated workstation. It is important because if someone else inappropriately accesses PHI under your userID – you may be held responsible. Play it smart.
Create complex but easy to remember passwords. The more complex a password the more difficult it is to crack. A password based on a dictionary word can be cracked in less than five minutes by a determined hacker with the proper tools. By contrast a complex password (i.e. upper and lower case letters, numbers and symbols), increases the time needed to crack a password to months. An easy way to create a password is to think of a sentence and use the first letter of each word in the sentence, leaving in the punctuation. For example, "I have one child named John!" becomes "Ih1cnJ!".