Staff members with access to PHI are not allowed to disclose PHI outside of the
                                             applicable S&P service area other than for purposes stated in GESMN’s Privacy
                                             and Data Security policies or without authorization from the Director of
                                             Information Technology, Privacy and Data Security or without obtaining a
                                             signed authorization form from the participant at issue.

         Employees and others    DP113.3     The organization will adhere to all applicable laws, regulations, policies, and
         with Access to PHI                  procedures and HIPAA requirements when maintaining, using, and disclosing PHI.
         Employees and others    DP113.5     PHI will always be classified as Privacy‐Restricted Information. See DP112 – DATA
         with Access to PHI                  CLASSIFICATION POLICY.






































































          GES CONFIDENTIAL                                                                                   51