A covered component within the University of Oregon is required to apply reasonable safeguards to protect the confidentiality, availability, and integrity of any protected health information (PHI).
- Avoid sending PHI to distribution lists, or list serves.
- Double check the email address before sending information.
- Do NOT send PHI to a personal email address.
- Do NOT auto-forward your University of Oregon email to a personal email account. Others may not be aware that you are auto-forwarding and may send you PHI.
- Be cautious about use of spreadsheets.
- Think before distributing them to a group without a legitimate reason and do not send to personal email accounts.
- Use care when transporting PHI in any medium. Lost paper documents with PHI and electronic media are a major source of breaches.
- Portable devices such as laptops and flash drives should be encrypted.
- Shred paper with PHI when you are finished using it.
Best Practices for Data access, storage, and transmission
- Only collect the personal or sensitive information that you need for the purpose.
- Store any personal or sensitive information for only as long as you have a legitimate business need.
- Only access the minimum amount of information necessary to accomplish the intended purpose.
- Restrict access to personal or sensitive data. You should limit the number of staff that has administrative rights to that information.