HIPAA - PRIVACY POLICY
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Every time a patient sees a doctor or healthcare related person, a record is made of that person’s confidential health information. In the past, these records were physically sealed away in offices and file cabinets. In an attempt to save the health care industry money, HIPPA was enacted which encouraged electronic transactions. Consequently, new safeguards were required to protect the security and confidentiality of personal health information, as private information was no longer simply locked in a file cabinet. These safeguards are referred to as the Privacy Rule.
The HIPPA federal regulation created national standards to protect individuals’ personal health information, and gives patients increased access to their own medical records.
Protected health information is any and all individually identifiable health information (information that can be linked to a client) that is transmitted or maintained by a health care provider regardless of the form of that information (i.e. oral, written, audio tape, video tape, computerized, etc.) This information includes, but is not limited to, an individual’s past, present, and future health, health care, payment for health care, including demographic data, medical and psychological diagnoses and histories, medications, school records, financial records, etc.
There are five basic principles outlined in the Privacy Rule:
It gives patients more control over their health information
It sets boundaries on the use and release of health records
It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
It holds violators accountable with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
It strikes a balance when public responsibility requires disclosure of some forms of date – for example, to protect public health.
What does this mean for everyday practice?
In many ways, it is business as usual for SOUL CARE providers. It requires that we:
Obtain written authorization to release information about clients to other health professionals, or parties involved with a client’s well-being.
Provide clients with written information (Notice of Privacy Practices) on their privacy rights and how their information may potentially be used.
Be more conscientious of incidental use and disclosure of our clients person information (i.e. talking about clients personal information in a manner that cannot be overheard by others, ensuring that client information is kept secure in the office, that computers have passwords so that unintended users do not gain access to SOUL CARE client information).
Ensure that when disclosure is appropriate and authorized, that information be limited to the amount of information reasonable necessary to accomplish the purpose for which disclosure is sought – i.e. do not provide more information than is necessary for the situation.
Ensure that staff is limited to what is necessary to perform their specific job responsibilities.
Ensure that only authorized staff including the Clinical Director, your therapist and the designated Client Care Coordinator have access to client records. All Soul Care Staff, upon employment are trained in human rights and confidentiality and are required to sign a statement indicating that they have received and understand this training and that they agree to uphold the confidentiality of persons served.
Minimize access to information by locking confidential files in filing cabinets in locked record rooms, by creating passwords on computers that maintain personal information and prohibit unauthorized transport of records. When transport of records is required, records are kept in a locked trunk during transport.
Limit personal use and respecting the ownership of computers/software and other property of SOUL CARE .
The Privacy Rule also has many guidelines for electronic transactions and code set standards, as well as guidelines for marketing, fundraising, research, and other activities in which AFS does not participate.
Notice of Privacy Practices/Disclosure Statement
UNDERSTANDING YOUR HEALTH RECORD/INFORMATION:
As a client of SOUL CARE , a record of your health information is made. This record contains information including, but not limited to, any diagnoses, related symptoms, assessment and test results, treatment plans/goals, and eligibility information. This information, often referred to as your client record, serves as a basis for planning your care and treatment, and serves as a means of communication among the professionals on your treatment team who contribute to your care. Understanding what is in your record and how your health information is used to help ensure its accuracy, to better understand who, what, when, where and why others may utilize your health information, and helps you make more informed decisions when authorizing disclosure to others.
North Carolina Statues (A PSM 45-1) and Federal confidentiality rules (Health Insurance Portability and Accountability Act of 1996, Public Law 104-191) require that written consent be given by the client, or legally responsible party, when disclosing confidential information. However, regarding releasing information without a client’s consent, NC Statue (ASPM 45-1) states the following:
“An agency that maintains client information shall give written notice to the client or
client representative that disclosure may be made of pertinent information without his/her expressed authorizations in situations in which disclosure is in the best interest of the client or interest of public safety.”
While people are receiving supports and services from Soul Care PLLC there may be certain circumstances in which client’s confidential information may be shared without consent. This rarely occurs and would only occur in accordance with NC General Statue 122C-52-56, and only in unusual circumstances including:
1. Sharing information with the persons next of kin if it is determined that it is in their best interest;
2. Sharing information with advocates when it is determined that it is in the persons best interest;
3. Sharing information with law enforcement under certain circumstances and attorneys in certain court proceedings in accordance with NC General Statue 122C-54;
4. Sharing information to report child or adult abuse or neglect situations, and other situations involving abuse, neglect, or domestic violence.
5. Sharing information with the Food and Drug Administration, governmental functions (such as national security) and agencies administering public benefits;
6. Sharing information with a health oversight agency;
7. Sharing information with medical examiners, coroners, funeral directors or for organ donation purposes;
8. Sharing information in the case of imminent danger to a person served where their health or safety or the health or safety of another individual is in danger, or if there is a likelihood of a person served or someone else in their life committing a felony or violent misdemeanor;
9. Sharing information with a public health authority, a physician or other health care provider who is providing emergency medical services to a person served to the extent necessary to meet the emergency; and
10.Sharing information for certain required reporting. In the event that Soul Care PLLC has to share confidential information about a person served without consent Soul Care PLLC will explain the action and the circumstances to the person served or to someone who is legally responsible for that person as soon as possible. Soul Care PLLC will also document it in your service record.
YOUR HEALTH INFORMATION RIGHTS:
Although your health record is a physical property of SOUL CARE , the information belongs to you. You have the right to request a restriction on certain uses and disclosures of your information, via the Director/DESIGNEE of SOUL CARE is not required to agree to a requested restriction). This includes the right to obtain a paper copy of confidentiality policies upon request; to inspect and obtain a copy of your client record upon request; to obtain an account of disclosures of your health information; to request communications of your health information by alternative means or at alternative locations; to revoke your authorization to use or disclose health information except to the extent that action has already been taken.
OUR RESPONSIBILITIES:
SOUL CARE is required to maintain the privacy of your health information, and if requested, to provide you with a notice as to our legal duties and confidentiality practices with respect to information we collect and maintain about you. SOUL CARE is obligated by law to abide by the terms of this notice, to accommodate reasonable requests you may have to communicate client information by alternative means or at alternative locations, and to notify you if we are unable to agree to a requested restriction. SOUL CARE reserves the right to change confidentiality practices and to make subsequent new provisions effective for all confidential information we maintain. Should such practices changes, you will notified. SOUL CARE will not use or disclose confidential information without your authorization, except as described in this notice.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Every time a patient sees a doctor or healthcare related person, a record is made of that person’s confidential health information. In the past, these records were physically sealed away in offices and file cabinets. In an attempt to save the health care industry money, HIPPA was enacted which encouraged electronic transactions. Consequently, new safeguards were required to protect the security and confidentiality of personal health information, as private information was no longer simply locked in a file cabinet. These safeguards are referred to as the Privacy Rule.
The HIPPA federal regulation created national standards to protect individuals’ personal health information, and gives patients increased access to their own medical records.
Protected health information is any and all individually identifiable health information (information that can be linked to a client) that is transmitted or maintained by a health care provider regardless of the form of that information (i.e. oral, written, audio tape, video tape, computerized, etc.) This information includes, but is not limited to, an individual’s past, present, and future health, health care, payment for health care, including demographic data, medical and psychological diagnoses and histories, medications, school records, financial records, etc.
There are five basic principles outlined in the Privacy Rule:
It gives patients more control over their health information
It sets boundaries on the use and release of health records
It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
It holds violators accountable with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
It strikes a balance when public responsibility requires disclosure of some forms of date – for example, to protect public health.
What does this mean for everyday practice?
In many ways, it is business as usual for SOUL CARE providers. It requires that we:
Obtain written authorization to release information about clients to other health professionals, or parties involved with a client’s well-being.
Provide clients with written information (Notice of Privacy Practices) on their privacy rights and how their information may potentially be used.
Be more conscientious of incidental use and disclosure of our clients person information (i.e. talking about clients personal information in a manner that cannot be overheard by others, ensuring that client information is kept secure in the office, that computers have passwords so that unintended users do not gain access to SOUL CARE client information).
Ensure that when disclosure is appropriate and authorized, that information be limited to the amount of information reasonable necessary to accomplish the purpose for which disclosure is sought – i.e. do not provide more information than is necessary for the situation.
Ensure that staff is limited to what is necessary to perform their specific job responsibilities.
Ensure that only authorized staff including the Clinical Director, your therapist and the designated Client Care Coordinator have access to client records. All Soul Care Staff, upon employment are trained in human rights and confidentiality and are required to sign a statement indicating that they have received and understand this training and that they agree to uphold the confidentiality of persons served.
Minimize access to information by locking confidential files in filing cabinets in locked record rooms, by creating passwords on computers that maintain personal information and prohibit unauthorized transport of records. When transport of records is required, records are kept in a locked trunk during transport.
Limit personal use and respecting the ownership of computers/software and other property of SOUL CARE .
The Privacy Rule also has many guidelines for electronic transactions and code set standards, as well as guidelines for marketing, fundraising, research, and other activities in which AFS does not participate.
Notice of Privacy Practices/Disclosure Statement
UNDERSTANDING YOUR HEALTH RECORD/INFORMATION:
As a client of SOUL CARE , a record of your health information is made. This record contains information including, but not limited to, any diagnoses, related symptoms, assessment and test results, treatment plans/goals, and eligibility information. This information, often referred to as your client record, serves as a basis for planning your care and treatment, and serves as a means of communication among the professionals on your treatment team who contribute to your care. Understanding what is in your record and how your health information is used to help ensure its accuracy, to better understand who, what, when, where and why others may utilize your health information, and helps you make more informed decisions when authorizing disclosure to others.
North Carolina Statues (A PSM 45-1) and Federal confidentiality rules (Health Insurance Portability and Accountability Act of 1996, Public Law 104-191) require that written consent be given by the client, or legally responsible party, when disclosing confidential information. However, regarding releasing information without a client’s consent, NC Statue (ASPM 45-1) states the following:
“An agency that maintains client information shall give written notice to the client or
client representative that disclosure may be made of pertinent information without his/her expressed authorizations in situations in which disclosure is in the best interest of the client or interest of public safety.”
While people are receiving supports and services from Soul Care PLLC there may be certain circumstances in which client’s confidential information may be shared without consent. This rarely occurs and would only occur in accordance with NC General Statue 122C-52-56, and only in unusual circumstances including:
1. Sharing information with the persons next of kin if it is determined that it is in their best interest;
2. Sharing information with advocates when it is determined that it is in the persons best interest;
3. Sharing information with law enforcement under certain circumstances and attorneys in certain court proceedings in accordance with NC General Statue 122C-54;
4. Sharing information to report child or adult abuse or neglect situations, and other situations involving abuse, neglect, or domestic violence.
5. Sharing information with the Food and Drug Administration, governmental functions (such as national security) and agencies administering public benefits;
6. Sharing information with a health oversight agency;
7. Sharing information with medical examiners, coroners, funeral directors or for organ donation purposes;
8. Sharing information in the case of imminent danger to a person served where their health or safety or the health or safety of another individual is in danger, or if there is a likelihood of a person served or someone else in their life committing a felony or violent misdemeanor;
9. Sharing information with a public health authority, a physician or other health care provider who is providing emergency medical services to a person served to the extent necessary to meet the emergency; and
10.Sharing information for certain required reporting. In the event that Soul Care PLLC has to share confidential information about a person served without consent Soul Care PLLC will explain the action and the circumstances to the person served or to someone who is legally responsible for that person as soon as possible. Soul Care PLLC will also document it in your service record.
YOUR HEALTH INFORMATION RIGHTS:
Although your health record is a physical property of SOUL CARE , the information belongs to you. You have the right to request a restriction on certain uses and disclosures of your information, via the Director/DESIGNEE of SOUL CARE is not required to agree to a requested restriction). This includes the right to obtain a paper copy of confidentiality policies upon request; to inspect and obtain a copy of your client record upon request; to obtain an account of disclosures of your health information; to request communications of your health information by alternative means or at alternative locations; to revoke your authorization to use or disclose health information except to the extent that action has already been taken.
OUR RESPONSIBILITIES:
SOUL CARE is required to maintain the privacy of your health information, and if requested, to provide you with a notice as to our legal duties and confidentiality practices with respect to information we collect and maintain about you. SOUL CARE is obligated by law to abide by the terms of this notice, to accommodate reasonable requests you may have to communicate client information by alternative means or at alternative locations, and to notify you if we are unable to agree to a requested restriction. SOUL CARE reserves the right to change confidentiality practices and to make subsequent new provisions effective for all confidential information we maintain. Should such practices changes, you will notified. SOUL CARE will not use or disclose confidential information without your authorization, except as described in this notice.