It’s important for all Cooper team members to remember that patient privacy is a part of our job responsibilities. Having access to a patient’s records is a privilege and you should only access patient records for business reasons.
Cooper team members are allowed to access their own Epic record (view and print only): however, accessing ANY other patient’s record for any reason other than payment, treatment or operations is a HIPAA violation and can result in an HR sanction or possibly termination. To be clear, if you are not involved in the patient’s billing, part of the patient’s treatment team, or if the access is not within your normal daily workflow, accessing a patient’s record is not permissible.
HIPAA policies are not here to prevent you from doing your job. They provide guidance, assist us with ensuring patient privacy, and keeping Cooper compliant with NJ state and HIPAA guidelines.
It’s every team member’s responsibility to treat all patient information they may come in contact with as confidential.
- Information on paper needs to be covered when leaving the area, even if only for a moment.
- Lock your computer screen when you walk away from your screen; remember, you are responsible for what happens with your ID.
- Take proper precautions when having confidential conversations. For example, where possible, conduct confidential conversations in private settings.
- Only access a patient’s record for business reasons, such as payment, treatment, or hospital operations.
- Never share your password.
- Never use the same password for multiple applications; e.g., the same password for Epic that you use for your banking application.
- All data on mobile devices and emailed outside of Cooper must be encrypted,
- Be careful of what you post on social media—no patient information.
- Never open email attachments or click on a link in an email from someone you do not know.
- Only use TigerConnect to text PHI.
- Keep track of all paper containing patient information. Lock it up at the end of the day.
Every Cooper team member should know the following information:
- Location of Corporate Policy and Procedure Manual
- Location of Departmental Policy and Procedure Manual
- Location of Infection Control Manual
- Location of MSDS for your Department
- Location of the department emergency plan
- How information in your department is secured
- How to continue business if the computer systems are not available
- Policies and procedures on the intranet (Cooper Pulse > Cooper Policy Network (CPN).
- Location of the trifold housed in each department containing emergency/disaster plan.
If you have any questions regarding the above information, please contact your HR Business Partner at HRBusinessPartners@CooperHealth.edu. For Privacy and HIPAA-related questions, please contact the Privacy Office at PrivacyOfficer@CooperHealth.edu.