THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU MAY GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY
If you have any questions about this notice, please contact our Privacy Officers:
Mary Jane Creely, MS, RN, PMHCNS-BC, Vice President & QI Officer
Debra Schindler, Program Coordinator, HI
WHO WILL FOLLOW THIS NOTICE:
This notice describes NCCMHC practices and that of:
Any mental health care professional authorized to enter information into your medical record.
All departments and units of the mental health center.
All employees, staff, students and volunteers.
OUR PLEDGE REGARDING MEDICAL INFORMATION:
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We need this record to provide you with quality and effective mental health services and to comply with certain professional, regulatory, and legal requirements. This notice applies to all records created by NCCMHC regarding your assessment, care and treatment.
This notice will inform you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:
Make sure that medical information that identifies you is kept private.
Provide you this notice of our legal duties and privacy practices with respect to medical information about you: and
Follow the terms of this notice that is currently in effect.
HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU:
The following categories describe different ways that we use and disclose medical information. For each category of use and disclosure we will explain what we mean and try to provide an example. Not every use or disclosure will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of these categories.
For Treatment: We may use medical information about you to provide you with mental health treatment and services. We may disclose health information about you internally to psychiatrists, nurses, therapists, case managers, students and volunteers or other professional staff involved in your care. For example: information obtained by a psychiatrist, nurse, clinician or other members of your treatment team will be recorded in your record and used to determine the course of treatment that should best work for you. Members of your mental health team will then record the actions they took and their observations and assessments. In that way the psychiatrist(s) and other treating staff will know how you are responding to treatment interventions.
For Payment: We will use your health information for payment of services if applicable. For example, a bill may be sent to you or your third party payer. The information on or accompanying the bill may include information that identifies you as well as your diagnosis, clinical procedures and professional services provided. You should be aware that third party payers require such information in order to honor a claim for payment.
Health Care Operations: We will use your health information for regular health care operations. For example, members of the medical staff and or, the Quality/ Performance Improvement Team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the plan of care and services we provide.
Appointment Reminders: We may use medical information to contact you as a reminder that you have an appointment with a NCCMHC staff member.
Treatment Alternatives: We may use and disclose medical information to tell you about possible treatment options or alternatives that may be of interest to you.
Individuals Involved in Your Care: With your written permission only, we may disclose to family members or friends significant care and treatment information to support your plan of care.
As Required by Law: We will disclose medical information about you when we are required to do so by federal, state or local law.
Public Health and Safety Risks: We may disclose medical information about you to public health authorities. We may use or disclose information about you to agencies when necessary to prevent a serious threat to the health and safety of you, the public, or another person. These activities generally include:
To prevent or control disease, injury or disability
To report child abuse or neglect
To report elder abuse or neglect
To report severe reactions to medications
To notify people of recalls of products related to your services
To report serious crimes to law enforcement authorities
To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
To notify the appropriate government authority if we believe an individual has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure when required or authorized by law.
Health Oversight Activities. We may disclose medical information to an authorized health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure & accreditation. These activities are necessary for the government to monitor the health care system, and related government programs, as well as compliance with civil rights laws.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in a response to a valid subpoena, discovery request, or other lawful process by someone else involved in the dispute.
Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
In response to a court order, subpoena, warrant, summons or similar process;
To identify or locate a suspect, fugitive, material witness, or missing person;
About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
About a death we believe may be the result of criminal misconduct;
About criminal conduct at NCCMHC and any of its program sites;
In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Medical Examiners. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
National Security & Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Service for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President of the United States.
Inmates. If you are an inmate of a correctional or penal institution or under the custody of a law enforcement official, we may release medical information about you to the correctional penal institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others, or (3) for the safety and security of the correctional institution.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU.
You have the following rights regarding medical information we maintain about you:
Right to Inspect and Copy. You have the right to inspect and be provided a copy of medical information that may be used to be make decisions about your care.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the NCCMHC will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by the NCCMHC.
To request an amendment, you request must be made in writing and submitted to the Program Coordinator, Health Information. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
Was not created by NCCMHC, unless the person or entity that created the information is no longer available to make the amendment;
Is not part of the medical information kept by NCCMHC;
Is not part of the information which you would be permitted to inspect and copy; or
Is accurate and complete.
Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you to others except for purposes of treatment, payment and operations identified above.
To request this list or accounting of disclosures, you must submit your request in writing to Program Coordinator, Heath Information. Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care of the payment for your care, like a family member or friend.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. Still, you should be aware that there could be circumstances when this request for restriction or limitation on the disclosure of your medical information may not be upheld. For example, we may not honor your request if the disclosure is necessary in providing you emergency treatment or in providing you protection from serious harm, injury or death.
To request restrictions, you must make your request in writing to the Program Coordinator, Health Information. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse or close relative or friend.
Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by mail or at work.
Right to a Paper Copy of this Notice. You have the right to a paper copy of this privacy notice. You may ask us to give you a copy of this privacy notice at any time by requesting a copy from any member of the NCCMHC personnel.
Changes to this Notice
We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in the NCCMHC. The notice will contain on the first page, the effective date. In addition, each time you register at or are admitted to the NCCMHC for treatment or health care services as an outpatient, we will offer you a copy of the current notice in effect.
If you believe your privacy rights have been violated; you may contact or submit your complaint in writing to the Privacy Officer in the Quality Improvement Department of NCCMHC (Mary Jane Creely, MS, APRN, BC). If we cannot resolve your concern, you also have the right to file a written complaint with the Secretary of the Department of Health & Human Services.
Region I - Office for Civil Rights,
U.S. Department of Health and Human Services
J.F. Kennedy Federal Building--Room 1875
Boston, Massachusetts 02203
Telephone: (617) 565-1340
FAX : (617) 565-3809
TDD : (617) 565-1343
The quality of your care will not be jeopardized nor will you be penalized for filing a complaint.
OTHER USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization and otherwise described in this notice. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you for 6 years after discharge from services.
9.1.19 Access and Physical Safeguards Policy
The QI Administrator and the Privacy Officer
or designee shall ensure that reasonable technical and physical safeguards are
in place to minimize the risk of unauthorized use or disclosure of PHI stored
and/or transmitted electronically within the organization and to external associates. The Director will also be responsible for
written contingency plans to cope with the results of reasonably anticipated
threats, hazards or crises related to the loss of access to electronic media.
Health Information Program Coordinator or designee
shall ensure that reasonable procedural and physical safeguards are in place to
minimize the risk of unauthorized use or disclosure of PHI stored and/or
circulated within the organization and to external associates. The Administrator of Quality Improvement and
the Privacy Officer or designee will also be responsible for written
contingency plans to cope with the results of reasonably anticipated threats,
hazards or crises related to the loss of records.
The following procedures were developed to ensure the physical
protection of records by staff reviewing, processing, storing and handling
records and to prevent theft, destruction, loss and other forms of unapproved
(active) medical records of clients currently in service are maintained in the
Health Information Rooms. Closed
(inactive) records not currently in service are in the Health Information
archives at 127 Johnnycake Hill
Access to the closed records system is limited to Quality
Improvement/Health Information staff, administrators, and emergency services
records are “signed out” to staff daily on an as-needed basis and “logged in”
upon return. Client appointment
schedules of Emergency Services (ES) and Outpatient Services (OPS) are
submitted weekly to facilitate the retrieval of records for staff use.
authorized NCCMHC staff members are provided access to the Health Information
Rooms. Clients and visitors are
restricted from this area.
records are returned to the Health Information Rooms by the end of the business
day. No records shall be housed in staff
records need to be accounted for on a daily basis so that they are available
and accessible at all times for client care.
records do not leave the building except when client needs to be seen urgently
at another site.
documentation (i.e., progress notes, medication administration sheets, monthly
summaries) may be routed to the Health Information rooms from off-site programs
via the interoffice mail system or by staff delivering written materials
directly to the Health Information Room for filing.
sites (AJH, FA) maintain locked file cabinets to secure program-specific client
records. When not in use and unattended
by staff, these cabinets are locked.
of client record information is provided only upon evidence of a valid
“Authorization of the Release of Confidential Healthcare Information.”
ensure that all staff understand and abide by the existing procedures to
protect client confidentiality, all requests for information received or
sent are logged in and out by the Health Information staff. The “releases” are reviewed for
appropriateness as well as validity.
The Health Information rooms are locked when
unattended by a NCCMHC staff member.
It is the responsibility of the HI Department to ensure
the privacy, confidentiality, location and appropriate access of client records
at all times. To fulfill this mandate,
HI shall provide for and maintain a practice of “sign out” by clinical staff
relate to clinical records. In the case
of an emergency, HI will be able to reference the locator/tracking log to
establish the whereabouts of any record.
All records are returned daily to the HI Department (127 Johnnycake Hill
Road, 65 Valley Road).
- All records
removed form the medical record rooms shall be signed out, indicating the
date, time and staff member.
Records removed form the closed archive shall be facilitated by formal
request and identified by an out guide noting the following: staff member’s
name, client’s name, ID number, date of last service (closing date) and date of
signing out. Upon return, all records
shall be signed in.
Access and Physical Safeguards
Policy for Rhode Island Continuum of Care Records and Homeless Management
Information System (HMIS) users
Purpose: The purpose of this policy is to
provide guidance around security measures for HMIS users in order to ensure the
security of information at the workstation and information the workstation may
have access to. Additionally, the policy
provides guidance to ensure the requirements of HIPPA are met and that the
agency ensures compliance with HMIS requirements, including staffing, data
entry, and data quality standards.
Scope: This policy applies to all HMIS user employees with a RI HMIS
user-owned or personal workstation connected to the RI HMIS user network.
Policy: Only licensed and authorized
users will have access to HMIS. NMH will
determine which staff member will have access to the ServicePoint HMIS
(“Authorized Users”) and will determine the access level for each authorized
user. Newport Mental Health will inform
the System Administrator of the name of each Authorized User and their approved
access level. New Users will be provided
training for the ServicePoint software through Rhode Island Coalition for the
Homeless. Newport Mental Health will
notify the System Administrator within two business days if an Authorized User
leaves the agency. The user licenses and
access to ServicePoint will be cancelled immediately by the System
Administrator for any departing Authorized User. The Director of IT serves as the HMIS
Security Officer who will ensure the agency is adhering to the Security
Appropriate measures must be taken when
using workstations to ensure the confidentiality, integrity and availability of
sensitive information, including personal protected information and that access
to sensitive information is restricted to authorized users only. Newport Mental Health shall follow all of the
HUD HMIS Data Security Standards as recorded in the Federal Register.
HMIS users utilizing workstations shall
consider the sensitivity of information, including personal protected
information that may be accessed and minimize the possibility of unauthorized
access. Each HMIS user shall have a separate account on any shared computer.
HMIS users will implement physical and
technical safeguards for all workstations that access electronic protected
health information to restrict access to authorized users. Appropriate measures include but are not limited
to the following:
physical access to workstations to only authorized personnel
workstations prior to leaving area to prevent unauthorized access
a three password-protected screen saver with a short timeout period to ensure
that workstations that were left unsecured will be protected
with all applicable password policies and procedures
installing unauthorized software on workstations
laptops that contain sensitive information by locking laptops up in drawers or
with laptop agreement policy and all MIS Policies and Procedures
Newport Mental Health HMIS Administrative
Staff will ensure the following:
on adults and Children who are homeless as defined by the Department of Housing
and Urban Development (HUD) will be entered into ServicePoint HMIS.
will not enter any client data into the ServicePoint HMIS without client
consent for Data Collection Form signed by the client.
consent may be revoked by the client at any time with written consent. Clients have a right to inspect, copy, and
request changes in their HMIS record.
will not enter any client data in violation of any restrictions or limitations
placed on the use of the data by the client.
HMIS Administrative staff will conduct monthly reports to ensure data quality
standards are met and corrected as needed.
Any employee found to have violated this
policy may be subject to disciplinary actions, up to and including termination