Privacy

There are several federal and state regulations that establish requirements for the protection of privacy and security of patient information. Many of our privacy and security requirements originate from the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). These laws have established the framework for “covered entities” such as RUMC that govern the processing, storage, use and release of the “protected health information” of our patients. The privacy of student records is governed under a law known as the Family Educational Rights and Privacy Act (FERPA). There are expectations made for all of us in terms of the information that we encounter or have access to. Some of these expectations include:

• Only access records that you may be assigned to as a student for approved purposes under your academic program of study.

• Use or disclose information only for its intended purposes and limit use and disclosure to what is the “minimum necessary.”

• Use only approved secure communications when sending information electronically and do not auto forward email or store sensitive information on personal devices.

• Provide notice of any known or suspected information privacy incidents.

• Exercise reasonable caution to protect information under your control.

• Understand and follow Rush privacy and security policies.

• Try to remedy any privacy or security problems; discuss the issue with your faculty advisor supervisor/manager and report issues to the Student Complaint Portal at 833-625-3778 (833-MAKERPT) or https://rushstudentcomplaint.ethicspoint.com