Protecting Information

It is easy to become careless about the information we handle in our work area because we have authorized access to this information. But just as we should familiarize ourselves with LLUMC procedures and fire safety rules, we need to know what to do to protect ourselves and others from a breach of confidentiality and/or break in information security. It is even more important to prevent access by unauthorized persons. Here are some ways to protect the security and confidentiality of information:

Be very cautious in providing information requested by phone callers:

• Verify the identity of the caller if possible – if not possible tell the caller you will call them back.
• Verify the caller's need to know the requested information – refer any unusual requests to a supervisor.
• DO NOT give out any unauthorized information – if you are not sure…ASK your supervisor.
• Be aware of other people in the area who could overhear your conversation.

DO NOT discuss confidential information in areas where it can be overheard:

• Inside or outside of cafeterias
• Waiting for or inside of elevators
• In patient waiting areas or on the phone in general access hallways or meeting rooms.

Additionally you must:

• Establish “need-to-know” before discussing information with co-workers and others.
• Politely challenge unauthorized visitors or other curiosity-seekers.
• Appropriately label confidential or sensitive documents.
• Clear your work or desk area of all papers at the end of the day.
• Lock sensitive documents in a drawer, cabinet, or safe (if available) – keep the access keys hidden.
• Properly discard any paperwork that contains confidential information by, for example, shredding it.

AND REMEMBER . . .
DO NOT access any information (including computerized, written, or otherwise) about other employees, patients who are also employees, or your own family or friends who are also patients. - (Breaches of information security and confidentiality of this type are the most common).

Computers are used throughout the institution to input, print out, change, re-arrange, and store all kinds of information as noted in the previous sections. If you have computer access, your password gives you access to multiple sources of information, and is intended for your work use only. You are responsible for any access made under your user ID and password. If you work with a computer system, here are some of the ways you can protect both the computerized information and your password access to this information:

• Make sure that anyone using a computer terminal in your area is authorized to do so.
• When confidential or sensitive information is on the screen, be sure that no one else can view it.
• Be sure to sign-off or log-off when you leave the computer terminal, or you have completed your computer tasks…even if you plan to return to the computer, or continue to work in just a moment.
• Protect your password: DO NOT share it with anyone or allow anyone to borrow it, not even once.
  • Change your password periodically.
  • Immediately change a password you suspect may have been stolen or if others know what it is.
  • Choose "hard-to-guess" passwords.
  • Sign-off or log-off when you have completed your computer tasks.
  • Enter your password in private.
• ONLY access computerized information that is necessary for your job tasks…this does not include accessing information for personal use or curiosity.
• If you need to allow someone access to your computerized information while you are away or on vacation, arrange for your supervisor to access the information.