All patient medical information is confidential, whether in paper or electronic records. Patient consent is required to release information, and access is limited to medical staff with a need to know. All employees accessing electronic records must sign an annual confidentiality agreement outlining penalties for unauthorized disclosure and are assigned unique logins. Computer terminals must not be left unattended while online, and screens should be shielded to protect confidential data from others. Printouts must be shredded after use.

2. PATIENT CONFIDENTIALITY
• The requirement of confidentiality for a patient's medical
information applies to all records, whether or not
computerized
• Patient's medical information may not be released
without the patient's written consent
• Access to, and disclosure of, information only given to
medical staff and other members of the health care team
who have a legally-recognized "need to know."(Brown &
Paine, 1992)

3. CONFIDENTIALITY AGREEMENT
• All employees whose work assignments involve access
to computerized medical records will sign a
confidentiality agreement annually
• Agreement will outline penalties for unauthorized
disclosure
• Each employee will have a unique ID and password to log
into the electronic medical record database which allows
monitoring of record access

4. COMPUTER PROTOCOL
• Do not leave computer terminals unattended
while online
• Use computer screen shields when accessing
confidential data to protect it from un-cleared
personnel
• Paper printouts should be treated with care and
must be shredded after use

5. REFERENCE
Brown, L. C., & Paine, S. J. (1992). Computerized patient records - CPR and
the law: Plan now. Health Systems Review, 25(6), 28. Retrieved from
http://search.proquest.com/docview/218527458?accountid=32521