Rule 82-4-1-.18. Confidentiality
Rule 82-4-1-.18. Confidentiality
- 1. The C & A CSU shall have records management policies, procedures and practices to manage and to protect the confidentiality and protected health information of individuals' records, to include electronic records.
- 2. The C & A CSU's records management policies shall support secure, organized records and shall be consistent with all applicable policies and procedures and federal and state laws and regulations.
- 3. The C & A CSU shall ensure that the individual's rights regarding his or her own confidential and protected health information are protected, including but not limited to, access to protected health information, requesting amendment to the clinical record, requesting restriction of disclosure, and requesting an accounting of disclosures that have been made.
- 4. The C & A CSU shall have a Notice of Privacy Practices regarding confidentiality of the individual's protected health information, which Notice shall comply with the requirements of Health Insurance Portability and Accountability Act (HIPAA).
- 5. The C & A CSU shall post the Notice of Privacy Practices at all times in the admissions area and in prominent locations where it is reasonable to expect individuals to be able to read the notice. Additional copies must be available for distribution upon request.
- 6. The C & A CSU shall provide a copy of the Notice of Privacy Practices to the individual and his or her legal guardian, as defined by state law, upon the individual's admission.
7. The C & A CSU shall have policies, procedures and practices that are compliant with the requirements of HIPAA regarding:
- a. Complaints regarding violation of confidentiality and privacy rights;
- b. Reports of breaches of HIPAA to the Department, and as required by law when applicable to the individual, to the United States Secretary of Health and Human Services, and to the media;
- c. Sanctions of employees for violations of HIPAA; and
- d. Identifying business associates, as defined by HIPAA, of the C & A CSU and obtaining satisfactory assurances of the business associates' compliance with the requirements of HIPAA.
- 8. The clinical record, information about an individual contained in incident reports and any documents that are not part of the clinical record, and all information about an individual whether oral or written, and regardless of how stored, is confidential.
9. Unless authorized in writing by a valid authorization signed by the legal guardian, or by applicable law, the C & A CSU shall not:
- a. Confirm or deny whether an individual is receiving or has received services from the C & A CSU; or
- b. Disclose any confidential or protected health information regarding the individual.
Authority: O.C.G.A. Secs. 37-1-29, 37-3-166, 37-7-166.
History. Original Rule entitled "Incident and Complaint Reporting and Investigation Procedures" adopted. F. Jun. 27, 2011; eff. July 17, 2011.
Repealed: New Rule entitled "Confidentiality" adopted. F. Mar. 9, 2015; eff. Mar. 29, 2015.