PURPOSE: This policy establishes a uniform process for disseminating privacy standards and policies required by the Health Insurance Portability and Accountability Act (HIPAA) regulations within the Department of Children and Families.
SCOPE: This policy applies to all employees and volunteers of CCA. References:
a. Health Insurance Portability and Accountability Act of 1996 (HIPAA).
b. Title 45 C.F.R. Subparts 160, 162 and 164, Security and Privacy of Individually Identifiable Health Information.
• HIPAA requires CCA to assure the privacy and confidentiality of protected personal health information of clients and patients. CCA employees and volunteers shall not permit the unauthorized disclosure of protected health information except as permitted or required by law. Each CCA Staff and Other contracted service providers and volunteers shall be furnished a paper or electronic copy of this policy and is expected to read and comply with CCA policy.
• CCA is required to designate a HIPAA Privacy Officer. The Executive Director of CCA will serve as the HIPAA Privacy Officer and will be the single point of contact for the agency. Any and all potential breaches in PHI shall be reported immediately.
2. The Management and Protection of Personal Health Information Policy Statement (Attachment 2) shall be visibly posted at any service location serving clients.
3. All patients/clients/parents or guardians of the client/patient, caregivers, foster and adoptive parents, with the exception of forensic clients, will receive the Management and Protection of Personal Health Information Policy at the time of initial face-to-face contact.
4. If a reason exists as to why the Management and Protection of Personal Health Information Policy is not provided to the client, parent, or guardian at the first face-to-face contact, (i.e. incompetent, child in facility and parent/guardian not available, etc.) the record shall be documented accordingly and the policy shall be provided to the guardian, parent, etc. at the first opportunity.
5. The requirement to ensure that each client/patient/parent or guardian of the client/patient, caregiver, foster and adoptive parent will receive a copy of the Management and Protection of Health Information Policy shall be included in each provider’s contract as a compliance requirement