Standard Operating System

PROCEDURE
Patient Confidentiality & PHI
No.:
Prepared By: Checked By:
Samson Manwa Richard Ngethe
Version: 02
Approved: Date: Eff date:

Review date: 30th September 2014

Responsible Official: Data Managers, All Health Facility Staff including Interns & Volunteers

Patients Confidentiality and Protected Health Information

Standard Operating Procedure (SOP)

1. Purpose

Data collected at care & Treatment facilities is to be strictly confidential and the procedures for
collecting, storing and utilizing this data must ensure the privacy of this information.

Revealing patient identifiable information to someone who does not need to know is a violation of law
and Futures Group will not seek to publish this data, but will use the information to help partners
improve care.

The procedure in this SOP explains how to maintain confidentiality when storing, sending or sharing
information/data.

2. Applicability

This policy is applicable to all partner care & treatment facilities supported by Futures group and its
partners.

3. Definitions.

3.1. CD – Compact Disk

Version 1
Page1
August 29, 2012
 3.2. PHI – Protected Health Information.

3.3. 7Zip – Encryption software.

4. Procedure

4.1. Storage of Confidential data

i) Rooms containing individual medical records or HIV program data must be properly secured
to limit unauthorized access.
ii) Properly secured equipment within facilities – room or cabinets – which are locked and
appropriately monitored.
iii) Backing up data, to enable data recovery in the event of natural disaster or data loss.
iv) All computers need up-to-date anti-virus and intrusion-detection software.

4.2. Sending confidential document – through Flash disk/CD /Electronically

i. De-identify the database

ii. Send the encrypted and de-identified database/doc
iii. 7zip can encrypt the archive contents including file names – that way there is no indication
of the contents of the file to potential hackers

HowtoEncryptUsing7Zip
(a) Highlight the document or database you want to encrypt
(b) Right click and select 7-zip and then select the option called “add to archive” - see
figure 1 below
(c) Give archive a name and use a strong password
(d) Click ok to finish

Version 1
Page2
August 29, 2012
 iv. Do not send password in same email as the link
You do not need to encrypt every attachment you send, consider the sensitivity of the
information you are submitting, if it has no patient identifiers e.g. the monthly report
and CDC reports, then it’s safe not to encrypt it.

4.3. Data sharing - among consortium

i. Provided recipient will be using data for legitimate health purpose

ii. The nature and amount of data shared should always be the minimum amount of data
required to successfully complete the task.

Version 1
Page3
August 29, 2012