Privacy Policy
PURPOSE:
To effectively and efficiently preserve and maintain the privacy and confidentiality of patient, staff and business entity information in compliance with applicable laws, regulations and standards.
DEFINITIONS:
-
Privacy: An individual’s right to limit disclosure of personal information.
-
Confidentiality: The safekeeping of data/information so as to restrict access to individuals who have need, reason and permission for such access.
-
Protected Health Information: Health information that contains information such that an individual person can be identified as the subject of that information.
POLICY:
-
Confidentiality of data and information within Agency applies across all systems and automated, paper and verbal communications, as well as to clinical/service, financial and business records and employee-specific information.
-
All new employees shall receive instructions about Agency’s Privacy and Confidentiality of Information policy and procedure during orientation.
-
Significant changes to Agency’s Privacy and Confidentiality of Information policy are communicated to staff members, including contracted personnel, in verbal and written formats. These formats include inservice programs, staff meetings, memos, e-mails, etc. Receipt of the information by staff members is documented by staff signatures (may include electronic signatures) and retained by the Agency.
-
All patients' personal and health information and billing data is considered confidential and will be disclosed at the direction of Administration only when authorized to do so by the patient or his/her legal representative, when required by law or on a "need to know" basis as necessary to carry out the day to day business activities.
-
Patient information designated as “sensitive”, i.e., psychotherapy notes, HIV/AIDS diagnosis, will be disclosed at the direction of Administration only when authorized to do so by the patient or his/her legal representative, in response to a court order or when required to provide care, treatment or services.
-
All employees' personal data, personnel records, work related information and pay records are considered confidential to be disclosed at the direction of Administration only when authorized to do so by the employee or the employee's legal representative, when required to do so by law or on a "need to know" basis as necessary to carry out day-to-day business activities.
-
All Agency business records and/or dealings are considered confidential to be disclosed only when authorized to do so by Administration when required to do so by law, or on a "need to know" basis as necessary to carry out day-to-day business activities.
-
Home care medical records, personnel records, computerized data systems and billing records shall be protected from loss, alteration, unauthorized use or damage and stored in a locked, secure location.
-
Computer files are password protected against unauthorized use, alteration or damage.
-
Passwords are not to be shared and are not to be displayed. Passwords are changed periodically at the discretion of Administration.
-
Patient, employee and company privacy is protected during performance improvement activities.
-
Information regarding patients shall not be displayed in areas that are available to the public and/or unauthorized personnel.
-
All staff shall limit discussions of patient care, treatment and services to appropriate personnel within Agency and/or pertinent individuals under contract who have legitimate needs for accessibility of the information for delivery of care, treatment or services, effective functioning of the organization, research and/or education.
PROCEDURE:
-
Director of Patient Care Services or the Administrator will review all requests for information to determine whether the request will be honored.
-
Access to information and records, including computer access, is determined by the requesting individual's "need to know” as follows:
-
Professional and field personnel directly involved in providing care and/or services to the patient are permitted access to the patient's medical records.
-
Operational and professional Agency personnel, who require access to patient records, employee records or Agency records in order to accomplish their day-to-day tasks, are permitted access to needed records.
-
Telephone requests for employee or patient information are referred to the Director of nursing Services or the Administrator.
-
Requests for disclosure of patient information to reimbursement organizations, healthcare organizations, physicians, licensing and/or accrediting agencies require a completed and signed consent form and are referred to the Director of Nursing Services or the Administrator.
-
Consents or Release of Information Signatures:
-
Must be the original signature of the patient or employee.
-
May be the signature of the legal representative if the subject has a court appointed guardian.
-
May be a legally authorized representative of the patient or employee.
-
May be the signature of a family member if the patient is unable to sign. If signed by a family member the signature should be witnessed and the reason for the patient's inability to sign documented.
-
If the validity of a signature is questioned, Agency has the right to require a notarized signature.
Safeguarding of Records:
-
Original paper or computer patient medical records, personnel files, payroll records and billing records shall be filed and shall not be removed from the site of origin except by court order or for transfer to and from storage facilities or other authorized sites as needed to accomplish the day-to-day business of the Agency upon direction of Administration.
-
Records should not be left in unattended areas accessible to unauthorized individuals.
-
Records shall be stored in a manner that minimizes the possibility of damage from wind, fire and water.
-
Back-up copies of computer records shall be maintained as necessary to maintain the integrity of the system.
-
Records may be photocopied by authorized employees as necessary to accomplish the day-to-day business of the organization. Clerical and professional personnel may copy documents when authorized to do so as outlined below:
Document(s)
Medical Records or parts thereof: Administrator, Alternate Administrator, Director of Nursing, Alternate Director of Nursing.
Personnel Records or parts thereof: Administrator, Alternate Administrator, Director of Nursing, Alternate Director of Nursing.
Billing Records: Administrator, Director of Nursing.
Payroll Records: Administrator