Please know that you are responsible for maintaining the confidentiality of any images that contain Protected Health Information (PHI).
PHI is any information which was created, used, or disclosed in the course of providing a health care service and can be used to identify a patient. This includes images. PHI is protected under HIPAA and all students, faculty, & staff who come into contact with Protected Health Information are obligated to follow HIPAA compliance guidelines regarding how to avoid disclosing it in order meet the requirements of the law.
In order for health data to be considered PHI and regulated by HIPAA it needs to be two things:
Types of PHI include:
OHSU employee and student information is not considered PHI. However, a HIPAA authorization form must be obtained before PHI is disclosed and media release forms are required to use OHSU member information. It is the responsibility of the individual uploading images to the DAM to ensure that proper permissions have been granted to use images of OHSU employees and students, including media release authorization for OHSU staff and students and HIPAA authorization for the use of PHI.