Privacy

Keeping Information Safe

BJC Confidentiality Agreement: You signed this when you were admitted. It means you promised to keep GSON and BJC information confidential.
HIPAA Compliance (The Patient Privacy Law):
- You'll get specific HIPAA training before you access systems with real patient data (like EPIC).
- WHAT YOU MUST NEVER DO:
  - NEVER copy, print, download, photograph, screenshot, share, or remove patient information (PHI) from approved systems or clinical areas unless specifically required and permitted for direct patient care or your assigned schoolwork.
  - NEVER discuss patient information inappropriately (e.g., in hallways, on social media, with friends/family).
  - ONLY access patient information when you absolutely need it for your assigned patient care or specific academic task.
- We're Watching: All access to patient records in EPIC and other systems is tracked and audited.
- Consequences are SERIOUS: Breaking HIPAA or confidentiality rules can lead to:
  - Disciplinary action from Goldfarb (up to being dismissed from the school).
  - Potential fines and even criminal charges under federal law.
College Monitoring: BJC can monitor activity on its network and systems (including email) to keep things secure, investigate rule violations, or comply with legal requests. Don't expect privacy when using College systems. Using them means you agree to this monitoring.
Sending Info Securely:

Regular email (even your GSON Outlook) is NOT secure enough for sending patient information (PHI) or other highly sensitive data.
NEVER email PHI. Follow instructions from faculty or clinical sites on how to share sensitive information securely.