Importance of Confidentiality

Throughout your field training, and especially when you are completing forms and reports, you need to be mindful of confidential information—including patients’ personal or protected health information (PHI)—that you may have access to during your field training. 

Whenever discussing or documenting your field training, ‘de-identify’ or remove all elements that could be used to identify an individual. If a field training site has specific policies related to protected health information and confidentiality, it’s expected that students will be trained in these policies at the field training site.

Protected Health Information and Confidentiality

At all times students and faculty members are subject to the supervision of the Affiliate and are considered part of the Affiliate’s workforce only for purposes of access to and disclosure of protected health information (“PHI”) as defined by 45 CFR 164.501.

Students and faculty must comply with all rules applicable to both students and faculty while at the Affiliate’s facility, and failure to comply shall constitute a cause for terminating a student’s assignment to or a faculty member’s relationship with the Affiliate. Students and faculty members shall respect the confidential nature of all information that they have access to in accordance with the policies and procedures of the University and the Affiliate.

The University and Affiliate acknowledge that students and faculty may use patients’ personal health information for educational purposes at the Affiliate and as permitted by the Health Insurance Portability and Accountability Act (HIPAA). Information removed from the Affiliate for educational use must be appropriately de-identified as that term is defined in 164.514. Information removed for other purposes as permitted by HIPAA must be removed in a manner approved in writing by the Affiliate prior to removal. Identifiable information removed as permitted by HIPAA may not be used beyond the original purpose unless appropriately de-identified as that term is defined in 45 CFR 164.514. Identifiable information as removed by HIPAA must be destroyed or rendered de-identifiable as soon as practicable once the original purpose for the removal has been satisfied.