Professional Documents
Culture Documents
PROCEDURE
Patient Confidentiality & PHI
No.:
Prepared By: Checked By:
Samson Manwa Richard Ngethe
Version: 02
Approved: Date: Eff date:
1. Purpose
Data collected at care & Treatment facilities is to be strictly confidential and the procedures for
collecting, storing and utilizing this data must ensure the privacy of this information.
Revealing patient identifiable information to someone who does not need to know is a violation of law
and Futures Group will not seek to publish this data, but will use the information to help partners
improve care.
The procedure in this SOP explains how to maintain confidentiality when storing, sending or sharing
information/data.
2. Applicability
This policy is applicable to all partner care & treatment facilities supported by Futures group and its
partners.
3. Definitions.
Version 1
Page1
August 29, 2012
3.2. PHI – Protected Health Information.
4. Procedure
i) Rooms containing individual medical records or HIV program data must be properly secured
to limit unauthorized access.
ii) Properly secured equipment within facilities – room or cabinets – which are locked and
appropriately monitored.
iii) Backing up data, to enable data recovery in the event of natural disaster or data loss.
iv) All computers need up-to-date anti-virus and intrusion-detection software.
HowtoEncryptUsing7Zip
(a) Highlight the document or database you want to encrypt
(b) Right click and select 7-zip and then select the option called “add to archive” - see
figure 1 below
(c) Give archive a name and use a strong password
(d) Click ok to finish
Version 1
Page2
August 29, 2012
iv. Do not send password in same email as the link
You do not need to encrypt every attachment you send, consider the sensitivity of the
information you are submitting, if it has no patient identifiers e.g. the monthly report
and CDC reports, then it’s safe not to encrypt it.
Version 1
Page3
August 29, 2012