axiUm Remote Access HIPAA Compliance and Confidentiality

Keep your personal computer system HIPAA-safe

Faculty, staff, Residents, and students are reminded of their professional obligation to protect private patient information. All use of computer based patient information must be in compliance with HIPAA guidelines. Logging into a patient’s HIPAA protected record and then leaving the computer unattended thereby allowing unauthorized individuals to have access is a violation of HIPAA and will result in loss of access privileges.

Faculty, staff, Residents, and students must insure that they keep their axiUm and their network password secure. Absolutely no one should have access to another individual’s access information. Failure to secure this information is a violation of HIPAA and will result in loss of access privileges.

Faculty, staff, Residents and students use of clinical patient photographs is acceptable for educational purposes. All patient-related identification must be removed from the photographs and as well as from the file names of the image documents. Full-face images must have the eyes blocked out sufficiently to prohibit patient identification, unless the patient has specifically signed a document releasing the right to use such images.

HIPAA and Email
  • HIPAA prohibits the transfer of patient information over non-encrypted email.
  • Protected patient information must not be included in any form of email or social media.

OneDrive Secure File Sharing allows you to share files securely with recipients both inside and outside of the University. Read More about OneDrive ›>

Faculty, staff, residents, and students must not store protected patient information on individual computers, hard drives, jump drives or mobile electronic devices, or in printed media or cloud storage. This applies to devices on or off campus. All protected patient information storage must occur only on University servers using software and locations specifically designated by IT for this purpose. Failure to adhere to the policies in this paragraph places private patient information at risk HIPAA violation and will result in loss of data access privileges.

Students may store their patient names and phone numbers, for their assigned patients, on non-server devices for use in after-hours contact of patients for scheduling purposes. In this case the patients’ last names should be abbreviated as much as possible to minimize the chance of patient identification by non-SDM personnel.