PURPOSE: To provide guidance regarding each individual's responsibility to identifiable patient (resident) information. This policy intentional breech of patient confidentiality, including oral, written and electronic communication. This definition will safeguard patient privacy and help minimize exposure and/or liability to individuals and facilities. Each individual is responsible for adhering to this policy by using the minimum information necessary to perform his or her responsibilities, regardless of the extent of access provided or available.

POLICY: Only individuals with a legitimate "need to know" may access, use, or disclose patient information. This includes all activities related to treatment, payment and health care operations on behalf of Eyecare Professionals. Each individual may only access, use or disclose the minimum necessary information to perform hi or her designated role regardless of the extent of access provided to him or her.

• Definition: For the purpose of this policy, protected health information means any individually identifiable health information collected or stored by Eyecare Professionals. Individually identifiable health information includes demographic information and any information that relates to past, present or future physical or mental condition of an individual.
  
  
• Patient (resident) privacy will be supported through authorization, access and audit controls should be implemented for all systems that contain identifying patient information. Within the permitted access, an individual system or health record user is only to access what they need to perform their job.
  
• Each individual is responsible for compliance with the Patient (Resident) Privacy policy.
  
• Enforcement will be consistent with Eyecare Professional's Code of Conduct and human resource policies and procedures.