FACILITIES & ENGINEERING SERVICES DEPARTMENT
POLICY & PROCEDURE
X Administrative Manual
X Computer Room Manual
Title: Protecting PHI During
Maintenance and Repairs
F&E.02.10.04 Facility Access Controls
To establish guidelines for maintenance, repairs and modifications to UWHC facilities when
related to the security of Protected Health Information (PHI).
In accordance with the standards set forth in the HIPAA Security Rule, Facilities & Engineering
Services is committed to supporting the confidentiality and availability of all PHI that UWHC
creates, receives, maintains, and/or transmits.
SEE ALSO: UWHC Administrative Policy 1.02 Access to Electronic Information Systems
UWHC Administrative Policy 9.11 Corrective Action for Non-Compliance with
Confidentiality of Protected Health Information
A. We recognize that information about patient care is ubiquitous in the hospital environment
and that encountering PHI may be unavoidable when performing maintenance and repairs.
B. In the case of digitally-stored PHI, it is the computer users’ responsibility to ensure the
security of accessed PHI during maintenance and repairs.
C. All Facilities & Engineering Services personnel will participate in compliance training at
New Employee Orientation and shall follow all related UWHC Administrative policies when
they encounter PHI.
D. We empower Facilities & Engineering Services personnel to report HIPPA violations
encountered in the work place to supervisory staff or UWHC Security.
E. We understand that access to electronic PHI and UWHC computer systems shall be
regulated by Information Services and Security and Facilities & Engineering Services
personnel shall not modify area security measures or compromise access to electronic PHI
without working with the area manager and Security.
F. In those instances where modifications are made to area security measures (i.e. changing
locks, walls or doors) or access to electronic PHI is temporarily compromised, Facilities &
Engineering Services personnel shall document those details in the notes of the
associated work order in the maintenance management system.
IV. References HIPAA COW
45 CFR §164.310(a)(1) – HIPAA Security Facility Access Controls
45 CFR §164.310(a)(2)(iv) –HIPAA Security Rule Maintenance Records
V. Coordination: Continual Readiness Committee
UWHC Security Director
UWHC Information Services Director
Director, Facilities & Engineering Services