Privacy Policy

Maintaining Security of Client Protected Health Information

Policy

Aspire Addiction Recovery Center (AARC) shall establish and maintain appropriate administrative, technical and physical safeguards to protect the privacy of protected health information from loss, tampering, defacement and unauthorized access. Safeguards shall be in place to protect information from any intentional or unintentional use or disclosure. Compliance with all laws governing access, confidentiality, security, and disposal of records will be followed.

Procedure

  1. All client service records shall be maintained in a secure and confidential manner. Hard copy records shall be in either locked files or room which can be locked. Electronic records of confidential information that is stored in an automated data processing system (computer), shall be password protected to insure controlled access to such information.
  2. Records can be accessed directly only by duly authorized persons. All others who may have legitimate access to confidential client records shall apply to the Executive Director and/or the Clinical Director. All duly authorized employees shall have a key to the appropriate facility, alarm code information, and access to the key that unlocks the appropriate storage system.
  3. AARC will utilize the services of appropriate information technology professionals to insure that electronically stored confidential information is safeguarded to insure controlled access to such information.
  4. Records may be removed from the designated program's site only under the following conditions (note: whenever a subpoena to produce documents is received, the Executive Director must be contacted):
    1. In accordance with a subpoena to produce documents or objects, or other court order or when client records are needed for a district court hearing.
    2. Whenever service records are needed for treatment/habilitation or audit purposes.
    3. In situations where it has been determined that it is not feasible or practical to copy the client record or portions thereof, client records may be securely transported to a local health provider, provided the record remains in the custody of a delegated employee.
  5. Client's records shall be transported between facilities by staff of AARC. The Executive Director will be informed if a record needs to be removed from the facility. The following procedures will be followed.
    1. A double log sheet will be used to document when a record is moved from a facility. A master log will be maintained at the facility from which the record is being removed from and a copy of same will be placed in the record.
      1. The log sheet shall record the date and time the record was removed, name of staff along with staff signature acknowledging their assuming legal responsibility for the safety and contents of the record, reason for removal of the record, destination of record, and time and date record is returned.
      2. When clients' records are removed from the facility premises, efforts shall be made to ensure that the records are packaged safely and securely in plain manila envelopes with no client identifying information evident. When clients' records are transported by motor vehicle, the records shall be secured in a locked compartment (e.g. locked car, locked trunk).
  6. Unless circumstances warrant otherwise, when a client's record is required in response to a subpoena or other order of the court, or for district court hearings, a copy of the record is to be made and delivered and the original shall be maintained on site.
    1. Clients or a client's legally responsible person may have access to the client's records.
      1. When a record is being reviewed, it shall remain at all times within the direct sight the appropriate designated employee who shall be responsible for the security and physical integrity of the record, and who shall document the review in the record.
      2. When a record is being reviewed, a AARC staff will provide security of the record and will provide interpretation for only information generated by AARC.
  7. AARC will not charge a fee for the review of a record on premises by a client or the client's representative. AARC may impose a fee for any reproduction of all or part of a record.
    1. Fees for reproduction may be waived in the following situations:
      1. Professional courtesy when records are requested by physicians, psychologists, hospitals, or other health care providers.
      2. Third party payers when AARC will derive direct financial benefits.
      3. Attorneys representing the Attorney General's Office and Special Counsel.
      4. Other situations determined by the Executive Director, or designee, to be for good cause.
      5. When indigent clients request pertinent portions of their records necessary for the purpose of establishing eligibility for SSI, SSDI, Medicaid, or other legitimate aid.
  8. When AARC receives confidential information from another agency, or individual, such information shall be treated as any other confidential information generated by AARC. Security and disclosure of such information shall be governed by this policy.
  9. Once information has been correctly placed in a client's record, such information shall remain a permanent part of the record. Reports shall be proofread and corrected before they are signed as a final copy and filed in the client's record.
  10. Employees and other individuals who have access to client information will receive specific training regarding the confidentiality of client information.
  11. All facilities will develop procedures and purchase necessary equipment or services to assure proper disposal of printed information that may identify a client.

Confidentiality of Client Record and Protected Health Information

Purpose

To establish clear, appropriate and acceptable confidentiality of protected health information (PHI) and all aspects of confidentiality, and to establish and maintain processes and resources for reporting, investigating, and resolving potential violations of applicable Federal and State laws within the organization.

Policy

It is the policy of Aspire Addiction Recovery Center to establish a mechanism to protect the confidentiality of individual identifiable member health and financial information from any unauthorized intentional or unintentional use or disclosure in accordance with the requirements set forth in HIPAA 45 CFR 164.

Definition

Protected Health Information (PHI) – Any individually identifiable health or financial information, whether verbal, written, electronic, or otherwise recorded in any form or medium that is:

  1. Created or received by AARC or one of its employees, agents or contracted service providers.
  2. Related to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present, or future payment for the provision of health care to an individual.

The Federal Privacy Regulations further specify that the following 17 pieces of "Individually Identifiable Information" that, when linked with health or medical information, constitutes PHI (45 CFR 164.514):

  1. Names of the individual, and relatives, employers or household members of the individual
  2. Geographic identifiers of the individual, including subdivisions smaller than a state, street address, city, county and precinct
  3. Zip code at any level less than the initial three digits; except if the initial 3 digits cover a geographical area of 20,000 or less people, than zip code is considered an identifier
  4. All elements of dates, except year, or dates directly related to an individual including birth date, admission date, discharge date, date of death and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  5. Telephone numbers
  6. Fax numbers
  7. Electronic mail addresses
  8. Social Security numbers
  9. Medical record numbers
  10. Health plan beneficiary numbers
  11. Account numbers
  12. Certificate/license numbers
  13. Vehicle identifiers and serial numbers, including license plate numbers
  14. Device identifiers and serial numbers
  15. Web Universal Resource Locators (RLs)
  16. Internet Protocol (IP) address numbers
  17. Biometric identifiers, including finger and voice prints
  18. Full-face photographic images and any comparable images

Procedures

  1. Protected Health Information may not be released without a complete and valid written consent or authorization signed by client, parent or legally authorized representative unless a release of the PHI is specifically allowed by State and Federal law without a valid authorization.
  2. Confidentiality Statement: All AARC staff is required to sign the AARC Confidentiality Statement before they are granted access to PHI.
  3. All AARC employees that suspect, discover, or receive a report of PHI violations from another party have the obligation to report that violation in writing, in person, or by telephone to a supervisor, the Executive Director, or anonymously.
  4. Any personnel or contractors that report a violation should discuss the situation only with direct supervisors or the Executive Director to ensure that confidentiality of the affected area/individuals can be maintained.
  5. For supervisors that receive notice of a potential violation, this is to be communicated to the Executive Director within twenty-four hours (24). The supervisor should not discuss the violation with other parties.
  6. When the Executive Director receives a report of a potential violation, he/she will then prepare a confidential corporate compliance report (if one has not been completed yet). The Executive Director will then conduct an initial investigation based on the report and coordinate with legal counsel if necessary.

Compliance with Applicable Laws concerning Clinical Records

Policy

It is the policy of Aspire Addiction Recovery Center to comply with all local, state, and federal laws governing its operations; to conduct its affairs in keeping with the moral, legal and ethical standards of our industry; and to support the government's efforts to reduce healthcare fraud and abuse. The Aspire Addiction Recovery Center Corporate Compliance Program establishes a culture within the organization that promotes prevention, detection, and resolution of instances of conduct that do not conform to federal and state law, and federal, state, and private payer health care program requirements. Agents, subcontractors, vendors, and consultants who represent the company are expected to adhere to the Compliance Program.

Website Privacy

Information we gather

The only information passed between our clients and Aspire ARC is the information our clients choose to submit to us. We do not share this information and the information is kept confidential between the treatment provider and patient only. Your privacy and security is very important to us and we have invested in technology to protect the information on this site, our forms and how we transmit that safely to our certified addiction recovery specialists.

How we use the information we gather

The personal information is used by Aspire ARC to gain an understanding of who the patient is and how we can best treat them. We do not share ANY info with anyone else. Information provided to Aspire ARC is 100% confidential.

The people that are given access to this information

Your personal information is only accessible by the owner and operator of Aspire ARC and no one else. All of our information is routed from this website through one single person. Your privacy is of the utmost importance to us.

Website Analytics

This site has enabled Google Analytics Demographics and Interest reporting, which gives us insight into behavior information relating to visitor age, gender, and interests on an anonymous and aggregate level. This will help us to understand browsing behavior to give you a better experience while visiting our site. You may opt out of the Google Analytics program here.