Students are expected to know and practice data and information security measures when using agency computers or private computers with access to agency data on or off-campus. These measures include, but are not limited to:
- maintaining strong confidential passwords,
- ensuring that computers are password protected and those passwords are changed at least once a semester,
- logging off computer when finished,
- not sharing computer with others once logged into the confidential system,
- ensuring that only those who have a right to know have access to the information,
- immediately reporting any breach in security, including lost or stolen computers, to instructor and appropriate facility staff.
Students may be required to complete computer security training courses prior to or during clinical setting placements.
Students receive training regarding patient confidentiality and are required to comply with the letter and spirit of the Health Information Portability and Accountability Act (HIPAA) at all times. Students should not discuss in any public forum (including public spaces such as elevators, hallways, cafeterias or electronic forums such as blogs or any social media such as Facebook or Twitter) client information or anything occurring in the clinical setting having to do with patients, even if names/clinical sites/treating practitioners, etc. are omitted. Students should refrain from leaving the clinical site with identifying information such as patient stickers, census sheets, etc. Students should monitor with the utmost care any written statements about patients, whether in a personal journal or in the context of classroom assignments such as clinical logs or reports. When stored in the form of data, such as saved assignments on a computer, portable drive, or disk, the student takes full responsibility for the security of this data. Students are strongly advised to protect such data with passwords and the School requests students to leave computers, portable drives or disks bearing any patient information at home. Names and personally identifying information are not to be used in any written assignment or data collection.
Students may not, under any circumstances, utilize their access to electronic medical records through the School of Nursing to directly or utilize a third party to look up medical records belonging to themselves, friends, family, or significant others as this is a violation of the HIPAA laws. Students must go through the proper channels of the individual agencies to obtain personal medical records.
Failure to maintain the security of agency computer systems, and failure to maintain patient confidentiality in any forum is considered a breach of professional and ethical standards and will be reported to the School of Nursing Recruitment, Admissions and Progression Committee. This may result in dismissal from the School of Nursing.