Medical Record Security Plan

It is the policy of this company that all personnel must preserve the integrity and the confidentiality of medical and other sensitive information pertaining to our residents. The purpose of this policy is to ensure that all staff have the necessary information to provide the highest quality of care possible while protecting the confidentiality of that information to the highest degree possible so that residents do not fear to provide information to the facility for purposes of treatment. To that end, the facility will:

  •  Collect and use individual medical information only for the purposes of providing services and for supporting the delivery, payment, integrity, and quality of those services.
  •  The company will not use or supply individual medical information for non-health care uses,
    such as direct marketing, employment, or credit evaluation purposes other than as
    authorized by the Health and Human Services Privacy Regulations (“HHS”) (“privacy
    regulations”).
  •  To provide proper diagnosis and treatment.
  •  With the individual’s knowledge and consent/authorization.
  •  Recognize that medical information collected about residents must be accurate, timely,
    complete, and available when needed. The company will:
       o Use their best efforts to ensure the accuracy, timeliness, and completeness of data
    and to ensure that authorized personnel can access it when needed.
       o Complete and authenticate medical records in accordance with the law, ethics, and
    accreditation standards.
       o Maintain records for the retention periods required by law and professional
    standards.
       o Not alter or destroy an entry in a record, but rather designate it as an error while
    leaving the original entry intact and create and maintain a new entry showing the
    correct data.
       o Implement reasonable measures to protect the integrity of all data maintained about
    residents.
  •  Recognize that residents have a right of privacy. The facility will respect residents’ individual
    dignity at all times.
  •  Act as responsible information stewards and treat all individual medical record data and
    related financial, demographic, and lifestyle information as sensitive and confidential.
    Consequently, the company will:
       o Not divulge medical record data unless the resident (or his or her authorized
    representative) has properly consented to the release or the release is otherwise
    authorized by the privacy regulations and/or other law, such as communicable
    disease reporting and child abuse reporting.
       o Remove resident identifiers when appropriate, such as in statistical reporting and in
    evaluation studies.
       o Not disclose financial or other resident information except as necessary for billing or
    other authorized purposes as authorized by the privacy regulations, other laws, and
    professional standards.
       o Recognize that some medical information is particularly sensitive, such as:
          § HIV/AIDS information
          § Mental health and developmental disability information
          § Alcohol and drug abuse information
          § Other information about sexually transmitted or communicable diseases
    The disclosure of such information could severely harm residents, such as by
    causing loss of employment opportunities and insurance coverage, as well as the
    pain of social stigma. Consequently, the company will treat such information with
    additional confidentiality protections as required by law, professional ethics, and
    accreditation requirements.
       o Recognize that, although the company “owns” the medical record, the resident has a
    right of access to information contained in the record. The company will:
          § Permit residents to access and copy their protected health information in
            accordance with the requirements of the privacy regulations.
          § Provide residents an opportunity to request correction of inaccurate data in
            their records in accordance with the requirements of the privacy regulations.
          § Provide residents an accounting of uses and disclosures other than those for
            treatment, payment, and healthcare operations in accordance with the
            requirements of the privacy regulations.
  •  All employees will receive annual in-services/trainings on HIPAA regulations and general confidentiality standards.
  •  Clients can request their medical records at any point in time.
  •  Medical records are kept on file for a total of 3 years.

All employees must adhere to this policy. The company will not tolerate violations of this policy. Violation of this policy is grounds for disciplinary action, up to and including termination of employment and criminal or professional sanctions.