Policy: PRIVACY OF PATIENT HEALTH INFORMATION
The Nurse Manager of Care Net Owensboro is designated as, and assigned to be, the Privacy Officer of the Clinic. In this role, the Nurse/Clinic Manager will implement the procedures described below together with such other procedures as may be necessary to protect the privacy of patient health information.
1. Patient health information will be kept secure. Electronic records will be password protected. Other records will be maintained in secure files and kept under lock and key. Internal access to individual health information will be limited to such personnel who have a reasonable need to use such patient health information.
2. Use or disclosure of health information will be allowed to occur without the patient’s prior authorization when undertaken for purposes of treatment or for purposes related to the clinic’s healthcare operations. For other uses or disclosures, Care Net will seek prior authorization from the patient, except when such use or disclosure may be required by law, required for public health reasons, required to avert a threat of harm to the patient or a third person, or when other circumstances may reasonably warrant such use or disclosure without prior authorization.
3. Each patient will be given a written notice about the way in which health information may be used or disclosed by Care Net, including a description of the instances in which advance authorization for use or disclosure may or may not be sought and a description of the steps that the patient may exercise with respect to her own health information.
4. Written authorization will be obtained from each patient for any use or disclosure of health information for which such prior authorization is warranted as described above (see Forms).
5. Any outside disclosure of health information will be limited only to that minimum amount of information that is reasonably necessary to accomplish the specific purpose(s) of the disclosure.
6. For each patient, an accounting will be made of each outside disclosure of health information and those records will be kept for at least 7 years after the last such disclosure.
7. Each patient will be notified that she may inspect and copy her health information, that she may request restrictions on the use or disclosure of their health information, that she may request amendments to their health information and that she may find out what disclosures have been made to outside persons. Requests for inspection and copying shall be responded to within 30 days. Requests for restrictions on use and disclosure or requests for amendments of health information shall be responded to within 60 days. In the event of denial of any requests to restrict the usage or disclosure of health information or the denial of any requests to amend health information, the patient will be given a written notice of such denial and an explanation of the reasons.
8. All Care Net employees and volunteers will be trained concerning these procedures.