The University of Oklahoma Health Sciences College of Dentistry Handbook 2023-2024 5.7.3.1

6.1.2 - Academics and Safeguarding PHI

Updated: 2/16/2024
  • PHI in the Classroom
    • Remove all patient identifiers from materials OR
    • Obtain patient authorization to use PHI (Authorization for Release/Use of Protected Health Information) OR
    • Use commercially-available slides
    • Do not take photos of instructors’ PowerPoint presentations
  • Workforce members are responsible for the PHI they create, collect, store, and send
    • Photos: Do not take photos of patients using your cell phone
    • Flash drives: MUST be encrypted before being utilized for storing any PHI (including photos and x-rays)
    • Portable Computing Devices (e.g., laptops, smartphones, tablets, flash drives) and Desktops: Workforce members must use extreme caution when using Portable Computing Devices and desktop computers to store PHI. PHI should not be stored on Portable Computing Devices and desktop computers unless absolutely necessary; it should be stored on servers in a secure enterprise data center. Workforce members must follow the COD's Administrative, Physical, and Technical Procedures for Accessing PHI on Portable Computing Devices. If PHI is stored on such devices or computers, the device or computer must be encrypted according to HIPAA Security policies and applicable University policies. Portable Computing Devices must never be left unattended in unsecured places. The failure to take the above security precautions will be considered a violation of these Policies, subjecting the user to sanctions.
    • Personal Cell Phones: COD students are encouraged to contact patients using a phone located within the COD (see 5.2.5.1 COD Phones for Student Use). Calling a patient from a personal cell phone constitutes utilizing the phone for university business. Cell phones must be enrolled in Secure Mobile.
      • Patient contact numbers are considered PHI and must be kept secure.
  • The University and/or the individual who breaches HIPAA can be held liable
    • Student clinic suspension may be imposed
    • Fines may be imposed against the University and individuals
    • Individuals may be imprisoned for up to 10 years
  • Resource:

Return to top