This has been adapted for public access. To see the original story, written and published by UCSF Privacy Office on January 24, 2023, visit UCSF Privacy Office online, MyAccess required.
Whether you work with patients, employees, students, research, or with other confidential information, always follow these Do's and Don’ts to ensure you handle UCSF confidential information with care and in accordance with all applicable laws and UCSF policies.
Examples of confidential employee and University business information include UCSF-approved home address, telephone number, medical information, date of birth, citizenship, social security number, spouse/partner/relative names, income tax withholding data, performance evaluations, proprietary/trade secret information, and peer review/risk management information and activities. Additionally, most information in student records is considered confidential.
Do’s |
|---|
| The “Fundamentals” | - Access, collect, and share confidential information only for a valid business purpose (e.g. patient care or operations).
- Access, collect, and share only the minimum necessary information to perform the task.
|
| Sharing Information | - Verify you’re sharing the correct and intended information before sharing.
- Check each page of a document.
- Ask yourself if all recipients have a need to receive the information.
- Verify contact information, including addresses and fax numbers, before sending any confidential information.
|
| Sharing Information (Email) | - Double-check recipient email addresses before sending.
- Always use Secure Email when sending PHI or any other confidential information to an external recipient.
- When using Secure Email, never include PHI or any other Restricted information in the subject line.
- Be extra cautious when using ‘reply all.’
- Be extra, extra cautious with the Outlook auto-populate feature.
  - To clear your entire Outlook autocomplete list, go to File -> Options -> Mail. On the Mail screen you’ll see an option to turn on/off autocomplete, or clear the entire list.
  - To delete individual email addresses, begin typing the recipient’s name into a new message and click the ‘X’ next to their name when it appears in the autocomplete list.
|
| Storing Information | |
| Disposing Information | - Dispose of papers containing PHI or other UCSF confidential information using only cross-cut shredders or UCSF secure disposal bins.
|
| Computers, Smartphones, and Other Devices | - Log out of systems when you are done using them.
- Lock your computer when you step away, even if just for a moment.
  - Windows+L on Windows
  - Ctrl+Command+Q on a Mac
- Use only encrypted UCSF devices to perform UCSF business.
  - If you must use a personally owned device for UCSF business, you must comply with the UCSF Minimum Security Standards.
    - Among other requirements, you must encrypt your personal device if you will use it for UCSF business.
- Keep devices (and papers) with any UCSF confidential information on your person when in public.
|
Don'ts |
|---|
- Do not access confidential records (patient, employee or student) out of curiosity, for personal reasons, or any other reason unrelated to UCSF patient care or a business need.
- Do not share PHI or any other UCSF confidential information with anyone not authorized to receive it.
- Do not share UCSF confidential information, including PHI, on social media without prior authorization, even if your account is set to “private.”
- Do not use third-party email services (e.g., Gmail) for UCSF business.
- Do not store any UCSF confidential information on any device not encrypted and approved for use by UCSF IT.
- Do not store any UCSF confidential information in any cloud-based service not approved by UCSF IT.
- Do not leave your computer logged in when you step away, even if just for a moment.
- Do not let others use your computer while logged in with your username.
- Do not share your passwords with anyone.
- Do not leave your laptop or other devices with PHI or any other UCSF confidential information anywhere in an unattended vehicle.
- Do not take hardcopy PHI or other hardcopy UCSF confidential information off-site unless it is absolutely necessary.
- Do not dispose of papers with confidential information (e.g., PHI, personal information, HR data, financial data) into regular trash or recycle bins.
|

Download the UCSF Documents and Media January Zoom background to spread the word about privacy do's and don'ts.