R03-602 Confidentiality

A. A licensee shall develop, implement, and comply with policies and procedures that ensure the confidentiality and security of client records and client-related information is maintained and address that:

1. If maintained other than electronically, the client records and other written client-related information be stored in a locked container or area, or

2. If maintained electronically, the client records and other written client-related information be protected from unauthorized access, and

3. A staff member’s release and discussion of client-related information is conducted according to 42 CFR, Part 2 and the HIPAA of 1996.

Review policy and procedure manual 1. Verify that records are stored in a locked container or area. OR 2. Verify electronic files are protected from unauthorized access. 3. Verify in client records that information has not been released without a client release.

 

B. Licensee shall ensure that a current active client record is maintained for each client and:

1. Is protected at all times from loss, damage, or alteration,

2. Is confidential,

3. Is only released or disclosed as provided in:

a. 42 U.S.C. § 290dd-2 (Supplement V 2002), incorporated by reference, and including no future editions or amendments, available at www.access.gpo.gov/uscode/uscmain.html and from the U.S. Government Printing Office, Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954, or

b. Another applicable federal or state law that authorizes release or disclosure, or

c. Accordance with written permission from the client and, if applicable, the client's parent, guardian, or designated representative, according to subsection (A),

Review policy and procedure manual.

 

C. A licensee shall ensure that written permission for release of a client record or information, as described in subsection (B)(3)(C) and (D), is obtained according to the following:

1. Before a client record or information is released or disclosed,

2. Is obtained in a language understood by the individual signing the written permission in subsection (D), and

3. Is maintained in the client record.

Review policy and procedure manual. Verify by reviewing releases in client file.

 

D. A licensee shall ensure that written permission for release of a client record or information shall include:

1. The name of the program or person disclosing the client record or information,

2. The purpose of the disclosure,

3. The individual, provider, program, or entity requesting or receiving the record or information,

4. A description of the client record or information to be released or disclosed,

5. A statement indicating client permission has been given and may be revoked at any time,

6. The date or condition when the permission expires,

7. The date the permission was signed, and

8. The signature of the client and, if applicable, the client’s parent, guardian, or designated representative.

Review program’s release of information form to verify the form contains all the elements in section R03-602 D 1-8.