If you have a HIPAA privacy question or concern, please call either the Office of HIPAA Privacy at 954-262-4241, or your designated HIPAA Liaison, or the NSU Ethics and Compliance Reporting Hotline at 888-609-NOVA (6682), if you wish to remain anonymous.
The HIPAA Privacy Rule and NSU Health Care Component HIPAA Privacy Policies generally require that we access, use, and disclose only the minimum amount of protected health information (PHI) necessary to complete a work-related duty, and that we do so only when the PHI is needed for that specific task. For example:
Put them in the locked shredder bin in your area. Make sure you always leave your workspace free of paper protected health information (“PHI”) before you leave at the end of your day.
Please refer to Nova Southeastern University's Records Management and Destruction Policy located at https://www.nova.edu/records/policies-and-procedures.html.
Misdirected faxes received by NSU Health Clinics and/or other NSU departments from non-NSU health care facilities may expose non-NSU health care facility patient and other confidential information to individuals who are not authorized to see that information. In the event of this occurrence please proceed as follows:
No, you must use your work access for work-related purposes only. However, you may use the NSU patient portal to access your own health records.
No, in this case, viewing your spouse’s lab results is not job-related and therefore is prohibited. You may only use your work access to view the health records of a family member (or other individual) when necessary to do your job. This is true even if the family member or other person gives you permission. In this case, viewing your spouse’s lab results is not job-related and therefore is prohibited.
However, if you have been authorized to view the laboratory results of other people, (e.g., your spouse) you may do utilizing either the laboratory’s patient portal or the NSU Health Clinic patient portal, if available. Additionally, your spouse may view their information utilizing the laboratory’s patient portal or the NSU Health Clinic patient portal, if available, or requesting a copy their information via a written authorization from the laboratory or the NSU Health Clinic.
No. The HIPAA Privacy Regulations prohibit the use of protected health information (“PHI”) on social media without patient Authorization. This includes posts about specific patients, in addition to images or videos that may result in a patient being identified. Some examples of potential HIPAA violations using social media include:
Safeguard protected health information (“PHI”) at home just as you would if working on campus.