HIPAA Notice

HIPAA

NOTICE OF PRIVACY POLICY AND MANAGEMENT AND PROTECTION OF PERSONAL HEALTH INFORMATION

 
PURPOSE: This policy establishes a uniform process for disseminating privacy standards and policies required by the Health Insurance Portability and Accountability Act (HIPAA) regulations within the Department of Children and Families.
 
SCOPE: This policy applies to all employees and volunteers of CCA. References:

a. Health Insurance Portability and Accountability Act of 1996 (HIPAA).
b. Title 45 C.F.R. Subparts 160, 162 and 164, Security and Privacy of Individually Identifiable Health Information.
 

POLICY

• This policy is developed in accordance with the Privacy Standards for Individually Identifiable Health Information in federal regulations promulgated pursuant to a HIPAA requirement to maintain the process, in writing, that designates to whom, how, and when the Notice of Privacy Policy and Management and Protection of Personal Health Information Policy will be distributed.

• HIPAA requires CCA to assure the privacy and confidentiality of protected personal health information of clients and patients. CCA employees and volunteers shall not permit the unauthorized disclosure of protected health information except as permitted or required by law. Each CCA Staff and Other contracted service providers and volunteers shall be furnished a paper or electronic copy of this policy and is expected to read and comply with CCA policy.

• CCA is required to designate a HIPAA Privacy Officer. The Executive Director of CCA will serve as the HIPAA Privacy Officer and will be the single point of contact for the agency. Any and all potential breaches in PHI shall be reported immediately.

• CCA is responsible for ensuring that employees are provided a Notice of Privacy Policy and that all clients, and parents and guardians of clients, with the exception of forensic clients, are provided a Management and Protection Health Information Policy Practice Statement.

Note, for employees working with the Department of Children and Families, staff will rely on the Department’s Notice of Privacy Policy and comply with its requirements as outlines below:

1. The Notice of Privacy Policy shall be maintained and visible at all times in an area or areas that result in the Notice being accessible to all employees.

2. The Management and Protection of Personal Health Information Policy Statement (Attachment 2) shall be visibly posted at any service location serving clients.

3. All patients/clients/parents or guardians of the client/patient, caregivers, foster and adoptive parents, with the exception of forensic clients, will receive the Management and Protection of Personal Health Information Policy at the time of initial face-to-face contact.

4. If a reason exists as to why the Management and Protection of Personal Health Information Policy is not provided to the client, parent, or guardian at the first face-to-face contact, (i.e. incompetent, child in facility and parent/guardian not available, etc.) the record shall be documented accordingly and the policy shall be provided to the guardian, parent, etc. at the first opportunity.

5. The requirement to ensure that each client/patient/parent or guardian of the client/patient, caregiver, foster and adoptive parent will receive a copy of the Management and Protection of Health Information Policy shall be included in each provider’s contract as a compliance requirement.