University of Minnesota Duluth
MyU | Search | People | Departments | Events | News


Department of Communication Sciences & Disorders

Privacy and Confidentiality


Protecting Client Privacy is Everyone's Responsibility.

As part of your educational experience in the University of Minnesota Duluth Communication Sciences and Disorders (CSD) program, you may be permitted access to protected health information for educational purposes. You have a personal responsibility to safeguard the privacy and confidentiality of private healht information as required by the University of Minnesota and the ASHA Code of Ethics.

The client-clinician relationship is based on trust. When protecting the confidentiality of a client´s health information, students and clinic instructors are expected to abide by:

You may only access or view private health information or medical records about clients specifically assigned as part of your education. You are not authorized by the University of Minnesota to access, use, disclose, or share private health information in any format for any purpose not directly associated with your educational program at the University.

A student intern or clinical instructor must not reveal to unauthorized persons any private health information obtained from the individual s/he serves professionally without that person´s permission.

  • It is inappropriate to discuss clients anywhere outside of the Department of Communication Sciences and Disorders.
  • It is inappropriate to discuss clients with any person who is not on a "need to know" basis regarding the client´s care.


Complete the University of Minnesota Privacy Training.

Before having contact with clients, students are required to complete the University of Minnesota Privacy and Data Security on-line training modules. 

Initial courses are assigned to students through the Clinic Director. Students complete the on-line courses 1,2,3,and 6.  Students then provide a record of completion to the CSD Department. 

Instructions to access assigned courses

Subsequent "refresher courses" may assigned through the University of Minnesota Office of Privacy and Security.

Print Client-Related Documents on the Fileroom Computer designated for this purpose.

The Pay-to-Print lab printer is not secure.  Do not use it for printing any documents containing Protected Health Information.


No Private Information in Emails.

Email: Email is not considered a secure means of communicating about a client or to a client. It is not acceptable to communicate about a client using private health information in your correspondence to other individuals. This restriction includes banning use of private health information in correspondence with clinic instructors.

At times a client or guardian may wish to use email as a means of information exchange. If that is the case, interns and instructors must notify the client/guardian of the risks of email correspondence, must get permission, and must save all correspondence in the client chart, in accordance with the following University of Minnesota Policy: HIPAA Provider/Patient email Communication Working Procedure. (last update: January 6, 2014).

The client should be presented with the Guidelines and Consent for Email Correspondence.  The signed form should be submitted to the clinic office for filing BEFORE email correspondence commences.  Interns should talk with their instructors before any email correspondence occurs.


De-identification of clinic documents for assignments.

Before you can use a client document in CSD courses  please clear any Protected Health Information (PHI) from your document and submit it to your ciinic instructor for review.

You are responsible for following the federal laws regarding protection of private health information.  Failure to do so can lead to University of Minnesota sanctions.

Checklist for De-Identifying Health Information:

  • Name(s) of client, parents, care providers, other health professionals, etc.

  • All geographic subdivisions smaller than a state (business, street address, city, county, precinct) Note: zip code or equivalents must be removed, but can retain first 3 digits if the geographic unit to which the zip code applies if the zip code area contains more than 20,000 people.

  • For dates directly related to the individual, all elements of dates, except year (date of birth, admission date, discharge date, date of death).

  • All ages over 89 or dates indicating such an age, except that you may have an aggregate category of individuals 90 and older.

  • Telephone number

  • Fax number

  • Email address

  • Social security number

  • Medical record number

  • Health plan number

  • Account numbers

  • Certificate or license numbers

  • Vehicle identification/serial numbers, including license plate numbers

  • Device identification/serial numbers

  • Universal resource locators

  • Internet protocol addresses

  • Biometric identifiers, including finger and voice prints

  • Full face photographs and comparable images

  • Any other unique identifying number, characteristic or code


Report Suspected Breaches of Confidentiality.

You are required by University policy to report any suspected or known breach of privacy to the CSD Clinic Director.

Privacy Procedures for the Robert F. Pierce Speech-Language-Hearing Clinic

The Robert F. Pierce Speech-Language-Hearing Clinic in the Department of Communication Disorders at the University of Minnesota Duluth adheres to privacy guidelines established by the University of Minnesota.

A. Definitions:

1. Private health information includes:

  • Any individually identifying information (name, address, telephone or email contact).
  • Information about the clinical case, including history, test results, diagnosis, treatment plan, recommendations, and other pertinent details related to case service delivery.

This information may not be released to unauthorized users in any form (e.g., orally, in written form, or electronically) without a signed formal written consent (Consent to Release Private Data).

2. Authorized access toprivate health information is granted to:

  • Departmental Clinical Supervisors and Faculty
  • Departmental Graduate and Undergraduate Student Interns working with a client
  • Departmental Undergraduate students assigned to observations for course requirements
  • Departmental Faculty consulting with a supervisor or student on a specific case
  • Departmental support staff assisting with clinical administration or record keeping (e.g., reception staff, practicum student assistant)
  • Contracted professionals to provide clinical services under grant projects

3. Unauthorized access:

  • External supervisors or providers not a part of our department. These parties may only have access to this information with signed formal written consent (Consent To Release Private Data).
  • Casual parties (roommates, family, friends, and co-workers)

B. Implementation Strategies:

1. Every client who attends the RFP Clinic will sign a Release for Clinical Education Purposes at the time of the first visit. This release expires 10 years from the date of signature. Individuals who are not willing to sign this release may not be seen for services in this clinic. Clients may contact the clinical supervisor or the Clinic Director for more information or questions about this policy.

2. All private health information for all clients who attend RFP Clinic will be secured by faculty, staff, and students in the Department of Communication Disorders.

  • No PHI and no original clinical records (test forms, raw data, videos, protocols, reports) or folders may leave the Department.
  • Records containing private health information must always be kept secure in the personal possession of the authorized user, or in a supervisor's office or a central clinical filing cabinet in a locked space. In nonpublic areas (e.g., filing cabinets, schedule books, billing records, etc.), every faculty, staff, and student must secure records that contain private health information (e.g., locked storage, password protected computer files shared networks).
  • All clinical reports must be generated with CSD Department Lab computers on the designated clinic shared network using strong passwords that will change yearly. When clinical reports are printed, they must be removed promptly from the printer and never be left unattended.
  • Do not store private health informationon hard drives.

3. Assign and use a clinical code to prevent unauthorized access toprivate health information.

  • Students may take copies of de-identified case-related paperwork (e.g. daily treatment plans) to other study areas or to their home to work on them, but they should never include discernable identifying information.
  • Students and supervisors also rely on electronic communications for case-related planning, feedback and paperwork. All communications should be de-identified.  Email should be avoided.
  • De-identify all case-related paperwork leaving the Department or being left in unsecured places such as unsecured department mailboxes, (chart notes, daily tx plans, feedback regarding sessions, including e-communications)

4. Prevent unauthorized access toprivate health information(verbal, written, or electronic) by maintaining case confidentiality.

  • Remove individual identifiers from all public areas, including reception areas, clinical suites, offices, and student rooms.
  • Discussions about specific aspects of a clinical case are permissible as long as no identifying information is released to unauthorized users.
  • Be mindful of departmental settings that are vulnerable for breach of confidentiality, including the observation room, student workrooms, waiting areas, hallways, public copy machine, your backpack, and space outside the clinic rooms.
  • Do not make verbal remarks about the client or related clinical information in the presence of anyone other than an authorized user.

5. If a privacy is violated, notify the clinic instructor and the director of the RFP Clinic. The CSD Department will work together with the client and the university to remediate any breach as efficiently as possible.

6. Students in the CSD Program will complete privacy training in preparation for completing internships. This training will take the form of on-line courses, class discussions, and assessment.  Students will complete the following on-line Privacy Training courses:

Course 1.        Data Security in Your Job
Course 2.        Securing Your Computer Workstation
Course 3.        Using University Data
Course 6.        Essentials for Managing Health Data

University workforce members and student with access to Private Information must complete the University-directed Privacy training as assigned by the University of Minnesota. Assignment of courses to workforce members comes throught the CEHSP Privacy Coordinator in the Dean's Office. 




CSD current
© 2015 University of Minnesota Duluth
The University of Minnesota is an equal opportunity educator and employer.
Last modified on 04/07/15 10:09 AM
University of Minnesota Campuses
Crookston | Duluth | Morris
Rochester | Twin Cities | Other Locations