Skip to Main Navigation
Skip to Main Content
The University of Texas at Dallas

HIPAA Privacy Manual

Section 15: Storage of PHI

UTD has a duty to protect the confidentiality and integrity of confidential medical information as required by law, professional ethics, and accreditation requirements. This policy defines the guidelines and procedures that must be followed for the storage of PHI.

  • Outside of regular working hours, UTD personnel must clean desks and working areas such that all PHI is properly secured, unless the immediate area can be secured from unauthorized access.
  • When PHI is being released through teleconference or video feed, UTD personnel must treat the protection of PHI is the same manner as PHI recorded on paper, thereby securing access to the teleconference or video to authorized personnel only.
  • PHI stored in medical equipment must be kept secure and disposed of according to Disposal of PHI.
  • When not in use, PHI must always be protected from unauthorized access. When left in an unattended room, such information must be appropriately secured.
  • If PHI is to be stored on the hard disk drive or other internal components of a personal computer or PDA (Personal Digital Assistant), it must be protected by either a password or encryption. Unless encrypted, when not in use, this media must be secured from unauthorized access.
  • If PHI is stored on diskettes, CD-ROM or other removable data storage media, it cannot be commingled with other electronic information.