Policy Name/Number: Privacy/HIPAA/Policy Number 4475
Domain: Administration and Management
Date of Adoption: October 8, 2009
Effective Date: October 8, 2009
Date(s) of Revision: January 25, 2012
References: Council on Accreditation: CR .01-1.09; Child Welfare Information Gateway; American Academy of Pediatrics: Child Abuse, Confidentiality, and the Health Insurance Portability and Accountability Act (HIPAA) Vol 125 No. 1 January 1, 2010; Boys Town “Notice of Privacy Practices” Policy 10-2010; National District Attorney Association (National Center for Prosecution of Child Abuse); HHS.gov: Health Information Privacy (Summary of the HIPAA Privacy Rules); NFC Information Technology Security Policy #6050.
DHHS References: Title II (Section 160.203(c);
Legal References: Public Law 104-191, 45 CFR Parts 160, 162, & 164 amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), Title XII of Division A, and Public Law 111-5 Title IV of Division B of the American Recovery Reinvestment Act (ARRA) 2009; Patient Safety and Quality Improvement Act of 2005 (PSQIA); PL 93-247 the Child Abuse Prevention and Treatment Act; Nebraska Child Abuse and Neglect Act 28-70 Sections 28-710 to 28-727.
Nebraska Families Collaborative respects the rights and dignity of the children and families it serves. NFC is committed to complying with all federal and state laws regarding the protection of all personal information. NFC complies with federal law as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). NFC agrees to protect an individual’s personal health information, and has a number of administrative, physical and technical safeguards in place to protect all electronic medical records containing child and family personal information. NFC does comply with HIPAA and all associated laws that protect client/patient safety and all electronic records from misuse.
NFC treats and secures the health records and other private information of clients and employees with the maximum security reasonably possible. All personal health information is safeguarded according to applicable legal protections, including HIPAA regulations as described in the comprehensive NFC Information Technology Policy #6050. All files and health records are kept at a minimum under single lock during office hours and double lock when the office is closed.
Nebraska Families Collaborative will comply in disclosing health information when it is required by law in regard to all state mandatory reporting requirements for child abuse or neglect and adult abuse or neglect. In addition, documents obtained from other agencies or individuals may not be released to anyone outside of NFC except as permitted by law.
Parents/Legal Guardians are given written materials describing their rights and responsibilities, this includes information regarding their rights to health information as described in the “Rights and Responsibilities” documents at the first Family Team Meeting, but in no event later than ten (10) days after the family is assigned to the NFC.
All employees must attend a mandatory Health Insurance Portability and Accountability Act (HIPAA) Training as part of a comprehensive new employee orientation and upon completion of the training, they must sign an acknowledgement of their responsibility to maintain confidentiality of the records of the clients they serve (Refer to Nebraska Families Collaborative Employee Orientation Acknowledgement Form). Human resources policies and procedures are in place with detailed actions to be taken if there is a violation of confidentiality with disciplinary actions and mandatory reporting guidelines. (Refer to Nebraska Families Collaborative Discipline Policy #5125).
NFC electronic and computer resources, including voicemail, email, Internet, intranet, and associated hardware and software systems (and all messages sent or received) are NFC property. Employees must ensure that such resources and systems do not negatively impact the security of confidential or protected health information. In addition, access to such resources and systems are primarily for business-related activities.
Under no circumstances may confidential or protected health information be shared by employees, volunteers, interns or contracted professionals with individuals within or outside of NFC, including other employees, volunteers, interns, contracted professionals, family or associates who do not have a need to know such information.
Employees, volunteers, interns, or contracted professionals without professional involvement in NFC client or organizational issues who become aware of confidential or protected health information must take reasonable steps to protect such information.
Employees may not release information about NFC or its activities to individuals outside of NFC or the media unless prior written authorization is given by the executive director or designee who will obtain permission from the Nebraska Department of Health and Human Services, Division of Children and Family Services.
NFC clients’ confidential or protected health information may not be identified or referred to in speeches, interviews or written articles.