Tips to Safeguard Protected Health Information (PHI) and Prevent Breaches

A covered component within the University of Oregon is required to apply reasonable safeguards to protect the confidentiality, availability, and integrity of any protected health information (PHI).

  • Avoid sending PHI to distribution lists or listservs.
    • Double-check the email address before sending information.
  • Do NOT send PHI to a personal email address.
  • Do NOT auto-forward your University of Oregon email to a personal email account. Others may not be aware that you are auto-forwarding and may send you PHI.
  • Be cautious about use of spreadsheets.
    • Think before distributing them to a group without a legitimate reason and do not send to personal email accounts.
  • Use care when transporting PHI in any medium. Lost paper documents and electronic media containing PHI are a major source of breaches.
  • Portable devices such as laptops and flash drives should be encrypted.
  • Shred paper with PHI when you are finished using it.

Best Practices for Data Access, Storage, and Transmission

  • Only collect the personal or sensitive information that you need for the purpose.
  • Store any personal or sensitive information for only as long as you have a legitimate business need.
  • Only access the minimum amount of information necessary to accomplish the intended purpose.
  • Restrict access to personal or sensitive data. You should limit the number of staff who have administrative rights to that information.