Tips to Safeguard Protected Health Information(PHI) and Prevent Breaches

A covered component within the University of Oregon is required to apply reasonable safeguards to protect the confidentiality, availability, and integrity of any protected health information (PHI).

Avoid sending PHI to distribution lists, or list serves.
- Double check the email address before sending information.
Do NOT send PHI to a personal email address.
Do NOT auto-forward your University of Oregon email to a personal email account. Others may not be aware that you are auto-forwarding and may send you PHI.
Be cautious about use of spreadsheets.
- Think before distributing them to a group without a legitimate reason and do not send to personal email accounts.
Use care when transporting PHI in any medium. Lost paper documents with PHI and electronic media are a major source of breaches.
Portable devices such as laptops and flash drives should be encrypted.
Shred paper with PHI when you are finished using it.

Best Practices for Data access, storage, and transmission

Only collect the personal or sensitive information that you need for the purpose.
Store any personal or sensitive information for only as long as you have a legitimate business need.
Only access the minimum amount of information necessary to accomplish the intended purpose.
Restrict access to personal or sensitive data. You should limit the number of staff that has administrative rights to that information.

Search this site

Safety and Risk Services Menu

Chemical Safety Menu

Biosafety Program Menu

Laboratory Safety Menu

Laboratory Safety Manual Menu

Laboratory Safety Advisory Committee (LSAC) Menu

Safety and Risk Services

Tips to Safeguard Protected Health Information(PHI) and Prevent Breaches

Best Practices for Data access, storage, and transmission