Do you need to use clinic equipment as part of your research? If so, for security reasons, we must document access to the equipment, provide unique user identifications and passwords, and give a short training on proper equipment use. Whether you already have access to the equipment as a clinician or not, there is an easy procedure to follow to request permission to use clinic equipment under an IRB-approved research protocol. The new procedure mirrors the procedure to request access to Compulink for research. In addition to this procedure, researchers are reminded that use of the equipment for research is superseded by its use for clinic. If you need to see subjects during clinic hours, call Deanna Hecoax (2-1445) first. The procedure is outlined in a document (“Procedure – research access to clinic special testing equipment”) saved in the Research folder on the I drive. Contact Greg Nixon with questions.

Compulink terminals have default printer settings to direct print jobs to printing units in secured areas, like keycard protected consultation rooms or designated staff-only work areas. On occasion, those default settings can be disrupted, resulting in clinic print jobs showing up on printers in unrestricted areas. This creates a risk for a privacy breach by exposing PHI to unauthorized individuals. To mitigate this risk, please check the destination of the print job as listed in the print pop-up box prior to executing a print job from Compulink.

Annual renewal of current HIPAA standards and regulations is required for all faculty, staff, and students within the college to meet federal compliance measures. Updates to this year’s university training course are currently being finalized. Look for an upcoming email later this month detailing the process for accessing and completing your training in BuckeyeLearn by the October 1st deadline.

Kudos to Deanna Hecoax for turning her HIPAA training into action. After leaving work one day, she discovered some loose pieces of paper outside Fry Hall that contained a list patient names with PHI. This list was promptly given to our Privacy Officer, Cathy Beatty, who reported it to university officials. It was discovered this list was from another department within the OSU health system. Deanna’s actions resulted in that information not falling into the wrong hands and for the appropriate sanctioning procedures to occur within the affected department.

We have always highlighted Cathy Beatty, our HIPAA Privacy Officer, and Geoff Wiggins, our HIPAA Security Officer, as your onsite resources to report any concerns relative to a potential breach of HIPAA compliance. The university also has a resource allowing anonymous and confidential reporting of any unethical or inappropriate activities or behavior in violation of OSU policies, including those that may relate to HIPAA. Call 1-866-294-9350 or click https://secure.ethicspoint.com/domain/media/en/gui/7689/index.html to access the anonymous system.

Health and Human Services (HHS) Overview for Professionals: http://www.hhs.gov/hipaa/for-professionals/index.html

Frequently asked questions: https://www.hhs.gov/hipaa/for-professionals/faq