Privacy Policy



If you have any questions about this notice, please contact our Privacy Officers:

Mary Jane Creely, MS, RN, PMHCNS-BC, Vice President & QI Officer
Debra Schindler, Program Coordinator, HI
(401) 846-1213


This notice describes NCCMHC practices and that of:

  • Any mental health care professional authorized to enter information into your medical record.

  • All departments and units of the mental health center.

  • All employees, staff, students and volunteers.


We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We need this record to provide you with quality and effective mental health services and to comply with certain professional, regulatory, and legal requirements. This notice applies to all records created by NCCMHC regarding your assessment, care and treatment.

This notice will inform you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.

We are required by law to:

  • Make sure that medical information that identifies you is kept private.

  • Provide you this notice of our legal duties and privacy practices with respect to medical information about you: and

  • Follow the terms of this notice that is currently in effect.


The following categories describe different ways that we use and disclose medical information. For each category of use and disclosure we will explain what we mean and try to provide an example. Not every use or disclosure will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of these categories.

For Treatment: We may use medical information about you to provide you with mental health treatment and services. We may disclose health information about you internally to psychiatrists, nurses, therapists, case managers, students and volunteers or other professional staff involved in your care. For example: information obtained by a psychiatrist, nurse, clinician or other members of your treatment team will be recorded in your record and used to determine the course of treatment that should best work for you. Members of your mental health team will then record the actions they took and their observations and assessments. In that way the psychiatrist(s) and other treating staff will know how you are responding to treatment interventions.

For Payment: We will use your health information for payment of services if applicable. For example, a bill may be sent to you or your third party payer. The information on or accompanying the bill may include information that identifies you as well as your diagnosis, clinical procedures and professional services provided. You should be aware that third party payers require such information in order to honor a claim for payment.

Health Care Operations: We will use your health information for regular health care operations. For example, members of the medical staff and or, the Quality/ Performance Improvement Team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the plan of care and services we provide.

Appointment Reminders: We may use medical information to contact you as a reminder that you have an appointment with a NCCMHC staff member.

Treatment Alternatives: We may use and disclose medical information to tell you about possible treatment options or alternatives that may be of interest to you.

Individuals Involved in Your Care: With your written permission only, we may disclose to family members or friends significant care and treatment information to support your plan of care.

As Required by Law: We will disclose medical information about you when we are required to do so by federal, state or local law.

Special Situations:

Public Health and Safety Risks: We may disclose medical information about you to public health authorities. We may use or disclose information about you to agencies when necessary to prevent a serious threat to the health and safety of you, the public, or another person. These activities generally include:

  • To prevent or control disease, injury or disability

  • To report child abuse or neglect

  • To report elder abuse or neglect

  • To report severe reactions to medications

  • To notify people of recalls of products related to your services

  • To report serious crimes to law enforcement authorities

  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition

  • To notify the appropriate government authority if we believe an individual has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure when required or authorized by law.

  • Health Oversight Activities. We may disclose medical information to an authorized health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure & accreditation. These activities are necessary for the government to monitor the health care system, and related government programs, as well as compliance with civil rights laws.

Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in a response to a valid subpoena, discovery request, or other lawful process by someone else involved in the dispute.

Law Enforcement. We may release medical information if asked to do so by a law enforcement official:

  • In response to a court order, subpoena, warrant, summons or similar process;

  • To identify or locate a suspect, fugitive, material witness, or missing person;

  • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;

  • About a death we believe may be the result of criminal misconduct;

  • About criminal conduct at NCCMHC and any of its program sites;

  • In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

Medical Examiners. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.

National Security & Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Protective Service for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President of the United States.

Inmates. If you are an inmate of a correctional or penal institution or under the custody of a law enforcement official, we may release medical information about you to the correctional penal institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others, or (3) for the safety and security of the correctional institution.


You have the following rights regarding medical information we maintain about you:

Right to Inspect and Copy. You have the right to inspect and be provided a copy of medical information that may be used to be make decisions about your care.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the NCCMHC will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by the NCCMHC.

To request an amendment, you request must be made in writing and submitted to the Program Coordinator, Health Information. In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

  • Was not created by NCCMHC, unless the person or entity that created the information is no longer available to make the amendment;

  • Is not part of the medical information kept by NCCMHC;

  • Is not part of the information which you would be permitted to inspect and copy; or

  • Is accurate and complete.

Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you to others except for purposes of treatment, payment and operations identified above.

To request this list or accounting of disclosures, you must submit your request in writing to Program Coordinator, Heath Information. Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care of the payment for your care, like a family member or friend.

We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. Still, you should be aware that there could be circumstances when this request for restriction or limitation on the disclosure of your medical information may not be upheld. For example, we may not honor your request if the disclosure is necessary in providing you emergency treatment or in providing you protection from serious harm, injury or death.

To request restrictions, you must make your request in writing to the Program Coordinator, Health Information. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse or close relative or friend.

Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by mail or at work.

Right to a Paper Copy of this Notice. You have the right to a paper copy of this privacy notice. You may ask us to give you a copy of this privacy notice at any time by requesting a copy from any member of the NCCMHC personnel.

Changes to this Notice

We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in the NCCMHC. The notice will contain on the first page, the effective date. In addition, each time you register at or are admitted to the NCCMHC for treatment or health care services as an outpatient, we will offer you a copy of the current notice in effect.


If you believe your privacy rights have been violated; you may contact or submit your complaint in writing to the Privacy Officer in the Quality Improvement Department of NCCMHC (Mary Jane Creely, MS, APRN, BC). If we cannot resolve your concern, you also have the right to file a written complaint with the Secretary of the Department of Health & Human Services.

Region I - Office for Civil Rights,
U.S. Department of Health and Human Services
Government Center
J.F. Kennedy Federal Building--Room 1875
Boston, Massachusetts 02203

Telephone: (617) 565-1340
FAX : (617) 565-3809
TDD : (617) 565-1343

The quality of your care will not be jeopardized nor will you be penalized for filing a complaint.


Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization and otherwise described in this notice. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you for 6 years after discharge from services.


9.1.19   Access and Physical Safeguards Policy




The QI Administrator and the Privacy Officer or designee shall ensure that reasonable technical and physical safeguards are in place to minimize the risk of unauthorized use or disclosure of PHI stored and/or transmitted electronically within the organization and to external associates.  The Director will also be responsible for written contingency plans to cope with the results of reasonably anticipated threats, hazards or crises related to the loss of access to electronic media.


Health Information Program Coordinator or designee shall ensure that reasonable procedural and physical safeguards are in place to minimize the risk of unauthorized use or disclosure of PHI stored and/or circulated within the organization and to external associates.  The Administrator of Quality Improvement and the Privacy Officer or designee will also be responsible for written contingency plans to cope with the results of reasonably anticipated threats, hazards or crises related to the loss of records.




The following procedures were developed to ensure the physical protection of records by staff reviewing, processing, storing and handling records and to prevent theft, destruction, loss and other forms of unapproved access.


·         Open (active) medical records of clients currently in service are maintained in the Health Information Rooms.  Closed (inactive) records not currently in service are in the Health Information archives at 127 Johnnycake Hill Road.  Access to the closed records system is limited to Quality Improvement/Health Information staff, administrators, and emergency services personnel. 

·         All records are “signed out” to staff daily on an as-needed basis and “logged in” upon return.  Client appointment schedules of Emergency Services (ES) and Outpatient Services (OPS) are submitted weekly to facilitate the retrieval of records for staff use.

·         Only authorized NCCMHC staff members are provided access to the Health Information Rooms.  Clients and visitors are restricted from this area.

·         All records are returned to the Health Information Rooms by the end of the business day.  No records shall be housed in staff offices overnight.

·         All records need to be accounted for on a daily basis so that they are available and accessible at all times for client care.

·         Client records do not leave the building except when client needs to be seen urgently at another site.

·         Clinical documentation (i.e., progress notes, medication administration sheets, monthly summaries) may be routed to the Health Information rooms from off-site programs via the interoffice mail system or by staff delivering written materials directly to the Health Information Room for filing.

·         Program sites (AJH, FA) maintain locked file cabinets to secure program-specific client records.  When not in use and unattended by staff, these cabinets are locked.

·         Release of client record information is provided only upon evidence of a valid “Authorization of the Release of Confidential Healthcare Information.”

·         To ensure that all staff understand and abide by the existing procedures to protect client confidentiality, all requests for information received or sent are logged in and out by the Health Information staff.  The “releases” are reviewed for appropriateness as well as validity.


The Health Information rooms are locked when unattended by a NCCMHC staff member.


It is the responsibility of the HI Department to ensure the privacy, confidentiality, location and appropriate access of client records at all times.  To fulfill this mandate, HI shall provide for and maintain a practice of “sign out” by clinical staff relate to clinical records.  In the case of an emergency, HI will be able to reference the locator/tracking log to establish the whereabouts of any record.  All records are returned daily to the HI Department (127 Johnnycake Hill Road, 65 Valley Road).


  • All records removed form the medical record rooms shall be signed out, indicating the date, time and staff member.


Records removed form the closed archive shall be facilitated by formal request and identified by an out guide noting the following: staff member’s name, client’s name, ID number, date of last service (closing date) and date of signing out.  Upon return, all records shall be signed in.


9.1.19 B       Access and Physical Safeguards Policy for Rhode Island Continuum of Care Records and Homeless Management Information System (HMIS) users


Purpose:  The purpose of this policy is to provide guidance around security measures for HMIS users in order to ensure the security of information at the workstation and information the workstation may have access to.  Additionally, the policy provides guidance to ensure the requirements of HIPPA are met and that the agency ensures compliance with HMIS requirements, including staffing, data entry, and data quality standards. 

Scope: This policy applies to all HMIS user employees with a RI HMIS user-owned or personal workstation connected to the RI HMIS user network. 

Policy:  Only licensed and authorized users will have access to HMIS.  NMH will determine which staff member will have access to the ServicePoint HMIS (“Authorized Users”) and will determine the access level for each authorized user.  Newport Mental Health will inform the System Administrator of the name of each Authorized User and their approved access level.  New Users will be provided training for the ServicePoint software through Rhode Island Coalition for the Homeless.  Newport Mental Health will notify the System Administrator within two business days if an Authorized User leaves the agency.  The user licenses and access to ServicePoint will be cancelled immediately by the System Administrator for any departing Authorized User.  The Director of IT serves as the HMIS Security Officer who will ensure the agency is adhering to the Security Plan. 

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including personal protected information and that access to sensitive information is restricted to authorized users only.  Newport Mental Health shall follow all of the HUD HMIS Data Security Standards as recorded in the Federal Register. 

HMIS users utilizing workstations shall consider the sensitivity of information, including personal protected information that may be accessed and minimize the possibility of unauthorized access. Each HMIS user shall have a separate account on any shared computer.

HMIS users will implement physical and technical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.  Appropriate measures include but are not limited to the following:

·         Restricting physical access to workstations to only authorized personnel

·         Securing workstations prior to leaving area to prevent unauthorized access

·         Enabling a three password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected

·         Complying with all applicable password policies and procedures

·         Never installing unauthorized software on workstations

·         Securing laptops that contain sensitive information by locking laptops up in drawers or cabinets

·         Complying with laptop agreement policy and all MIS Policies and Procedures

Newport Mental Health HMIS Administrative Staff will ensure the following:

·         Information on adults and Children who are homeless as defined by the Department of Housing and Urban Development (HUD) will be entered into ServicePoint HMIS.

·         NMH will not enter any client data into the ServicePoint HMIS without client consent for Data Collection Form signed by the client.

·         Client consent may be revoked by the client at any time with written consent.  Clients have a right to inspect, copy, and request changes in their HMIS record.

·         NMH will not enter any client data in violation of any restrictions or limitations placed on the use of the data by the client.

·         NMH HMIS Administrative staff will conduct monthly reports to ensure data quality standards are met and corrected as needed.


Any employee found to have violated this policy may be subject to disciplinary actions, up to and including termination of employment.