Heading hidden

POLICY AND PROCEDURE
_____________________________________________________
TITLE: CONFIDENTIALITY/PRIVACY RULE

APPENDIX A

PURPOSE

To ensure patient privacy and confidentiality, to prevent alteration, unauthorized use of, or damage to, patient information. To adhere to HIPAA’s (Health Insurance ortability and Accountability Act) privacy rule.

POLICY
Patient’s personal health information (PHI) is discussed only with those who have a need for the information as related to treatment, payment and operations (TPO). Discussions take place only where they will not be overheard. Written communication is also safeguarded. Only those involved in the patient’s care, those who have the patient’s permission, those involved in health care
education and any office personnel who file client information in the charts are authorized access to the client’s charts. This includes access to computer information about the patient. If patient information is used for education purposes, the patient is not identified by name.

PROCEDURE
1. All OTFPL are oriented to the policy/procedure for confidentiality of the patient’s PHI. The importance of confidentiality is stressed upon interview and a copy of the policy is given to the employee with all other interview information. This is reinforced during the annual policy/ procedure in service.

2. OTFPL privacy notice will be given and explained to staff at the time of orientation.

3. With written consent of the patient (if a minor, the parent’s written consent), limited information, which is essential for TPO, is obtained prior to initiation of treatment (See Appendix A). Patients/caregivers will confirm their receipt of OTFPL’s privacy notice by signing the consent form (See Appendix B).

4. Applicable regulatory accrediting organizations, such as the Department of Health, may have access to patient records as required by law, survey or accreditation.

5. All business associates of OTFPL who receive or have access to PHI must follow OTFPL confidentiality and privacy regulations. A business associate is an organization of person(s) other than an employee of the agency who receives protected health information from OTFPL to provide services to, or on the behalf of, OTFPL. Examples of business associates of OTFPL include:
 Sub-contracted delivery services
 Management and operations consultants
 Accreditation services
 Outcome management firms
 Accounting and legal services
 Patient information software vendors
 Billing vendors
 Electronic certification vendors
A contract/agreement with each business associate will be maintained.

Information will be specifically listed relating to OTFPL confidentiality and privacy
regulations of the patient’s personal health information.

POLICY AND PROCEDURE
_________________________________________________________
TITLE: CONFIDENTIALITY/PROVACY CONSENT FORM

APPENDIX B

Dear Patient/Guardian:

Your signature on this document is affirmation that you received the attached confidentiality and privacy agreement (Appendix A), which states our purpose, policy and procedure for releasing patient information as related to treatment, payment, and operations (TPO). Please read appendix A and sign below. Signing this document will permit OTFPL to release patient information with adherence to the HIPAA (Health Insurance Portability and Accountability Act) privacy law.

Patient Name (Print): __________________________________

Patient Signature: _____________________________________Date: __________
(Parent/ caregiver signature for minors)

 

Print Friendly, PDF & Email