Page 13 - Privacy_Program

DP101.14.c   Electronic PRPI. Electronic PRPI on computers will be held in password
                                            protected files with access allowed only by those staff members (which herein
                                            includes contractors, interns and temporary employees) with need for the
                                            information because their work requires it. Staff members with computer
                                            access to participant information will log off when leaving their computer
                                            unattended. Before transporting approved mobile devices containing PRPI,
                                            staff members must log off and shut down the device so that the encryption
                                            log-on is required to open the device.

                                            Staff members may only download PRPI if authorized to do their jobs on
                                            GESMN authorized devices. Examples are encrypted GESMN laptops or
                                            encrypted non‐Fairview desktops, and approved desktops at 553 Fairview.
                                            Downloading of PRPI to smart phones, unencrypted jump drives and disks, or
                                            other unauthorized devices is strictly prohibited. Staff will use approved
                                            encryption software (i.e., ZixMail) when e‐mailing PRPI outside of the
                                            organization.
                               DP101.14.d   Staff will make every effort to protect PRPI from incidental disclosures or
                                            disclosures that violate the policies and procedures. Examples of methods
                                            designed to protect PRPI from incidental disclosures are:
                                               •   Staff will not leave PRPI in plain view. This includes cubicles, by
                                                   mailboxes or other common spaces.
                                               •   Visitors will be escorted when visiting secure areas containing PRPI.
                                               •   Staff will not hold conversations involving PRPI in public areas.


        All Employees with      DP101.15    Staff will take necessary steps to verify the identity and legal authority of
        Access to PRPI                      persons requesting disclosure of PRPI. This could include asking for a badge if
                                            an authority, in person, identifies themselves as a law enforcement officer;
                                            requiring that a request be provided (faxed, mailed or delivered) on
                                            letterhead; or other steps as needed. Also see DP‐134 PERSONAL
                                            REPRESENTATIVES for a description of when to treat a person as a personal
                                            representative of a participant with respect to disclosure of PHI or other PRPI if
                                            under applicable law.


        All Employees with      DP101.16    Disclosure of PRPI for Judicial or Administrative Proceedings
        Access to PRPI
                                            In certain situations, staff may receive a request to disclose PRPI pursuant to a
                                            warrant, subpoena, order, or other legal process issued by a grand jury or a
                                            judicial or administrative tribunal presumed to constitute legal authority. Staff
                                            must forward these requests immediately to the Director of Information
                                            Technology, Privacy and Data Security.

        All Employees with      DP101.17    Mitigating Effects of Unauthorized Use or Release of PRPI
        Access to PRPI
                                            Any use or disclosure of PRPI not authorized by GESMN Privacy Policies will be
                                            immediately reported to the program manager or director, as applicable, and
                                            to the GESMN Director of Information Technology, Privacy and Data Security
                                            upon discovery of the release and all steps deemed necessary by GESMN will
                                            be taken to mitigate any harmful effect that disclosure may have on the
                                            individual.










         GES CONFIDENTIAL                                                                                    13