Patient Confidentiality Philosophy

The Ohio State University College of Dentistry (CoD) recognizes the importance of patient confidentiality and is committed to protecting patient privacy in compliance with applicable state and federal privacy regulations. It is the philosophy of the CoD to maintain the confidentiality of patients’ medical and dental information. All CoD employees, students, volunteers and outside contractors working with Protected Health Information (PHI) are required to maintain and respect the patient's right to confidentiality. All information made known in the course of providing treatment or generated in connection with patient care activities is confidential. Confidential patient information is not to be disclosed without the patient's consent, except as required by law.

1. Medical and Dental Information

Medical and dental information is considered any information regarding the health status, provision of health care or payment for health care that is created or collected by the CoD that can be linked to a specific individual. Additionally, information that is a subset of health information, including demographic information collected from an individual, and is created or received by the CoD is considered confidential. Furthermore, information generated through interaction between patients and health care providers at the CoD is considered confidential. The expectation of confidentiality extends to all forms of information regardless of how the information is maintained and stored, including, but not limited to hard-copy, photocopy, microform or automated/electronic form.

2. Access to Patient Information

Individuals with access to PHI may only obtain information that is necessary for job performance. Access to medical/dental information is restricted to CoD faculty, staff, residents, students, observers, volunteers and outside contractors that have a legitimate business need to access such information. It is the responsibility of all faculty, staff, residents, students and volunteers/observers to limit their access to PHI to the minimum necessary when required to perform their jobs. All individuals, including employees and students whose friends or relatives are treated at the CoD, must request patient information through established procedures. Regardless of the format in which information is obtained, such as verbal, written, or electronic, it must be treated with the same level of confidentiality. Accessing PHI (including self) other than what is required to do your job is not permitted. Accessing PHI is not to occur simply to satisfy a curiosity. It is unacceptable to look up PHI in any data system on yourself, family members, friends or co-workers unless it is required to perform your job functions. Any person accessing information electronically must utilize his/her own authorization log-in and password to do so. Furthermore, in order to protect the confidentiality of medical/dental records and to control hard copy medical/dental records in the patient care clinics, hard copy medical/dental records must be signed out for authorized use whenever they are physically removed from the clinic or records room (e.g., to accompany the patient to another appointment within the CoD).The CoD has established procedures to limit the uses, disclosures and requests for PHI, internally and externally, to the minimum necessary for the intended purpose(s) of the use, disclosure(s) or requests of such information.

3. Third Party Carrier Patient Information Requests

All third party carrier requests for PHI for all current and non-current patients must be referred to the CoD Patient Financial Services office. Faculty, staff, residents, students and
volunteers/observers should follow the CoD established procedures on third party disclosures. The release of information must be documented by the individual making the disclosure in axiUm.

4. Protected Health Information

PHI, as well as Individually Identifiable Information, may not be displayed where it is visible from any public area. Reports, documents and other media, including in electronic form, with patient identifiable information, which are to be discarded, must be disposed of by shredding or other legally effective means of destruction. The security and accessibility of medical and dental information must be assured by the individual to whom the medical and dental information has been entrusted. PHI may only be discussed with other faculty, staff, residents, students and volunteers/observers if they are participating in the care of such patient.
Discussions involving the treatment and care of patients should be held in treatment areas or other areas where the public is not likely to overhear the discussions. Recognizing that not all treatment areas are completely private, reasonable effort should be made to minimize the potential for unintended incidental disclosures of PHI. It is the responsibility of all faculty, staff, students and volunteers/observers to refrain from discussing information about CoD patients in public places such as elevators, reception areas, hallways or the cafeteria.

5. Implementation and Compliance

All faculty, staff, residents, students and volunteers/observers are responsible for protecting the patient's confidentiality. It is to be considered an important aspect of an individual’s performance evaluation program. Inappropriate disclosure(s), intentional or unintentional, may subject faculty, staff, residents, students and volunteers/observers to disciplinary action, up to and including termination or dismissal from the CoD program. Divisions/clinics are encouraged to develop area-specific procedures to promote patient confidentiality consistent with the philosophy of the CoD. Additionally, faculty, staff, residents, students and volunteers/observers are encouraged to contact the CoD Privacy Officer regarding questions or concerns around patient confidentiality and privacy.

Effective Date: 02/01/2018

Patients