CaliforniaStateUniversity, Long Beach
HIPAA Regulations
Must be read and signed by each student in clinic
Confidentiality of all medical information, client intake, progress notes, and discharge information are maintained in accordance with the Information Practices Act, the Confidentiality of Medical Information Act, the Health Insurance Portability and Accountability Act (HIPAA), the American Speech and Hearing Association (ASHA) code of confidentiality and CSU policy.
The Security Rule is a key part of HIPAA, the Health Insurance Portability and Accountability Act.
The rule applies to electronic protected health information (EPHI) which is individually identifiable health information (IIHI) in electronic form. The objective of the Security Rule is to maintain the confidentiality, integrity, and availability of EPHI when it is stored, maintained, and transmitted.
Health care providers must maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of their EPHI against any reasonably anticipated risks. Civil and criminal penalties can result from noncompliance. There are administrative,
physical, and technical safeguards.
The HIPAA Privacy Rule protects personal health information. The Rule prohibits a health care provider from using or disclosing protected health information unless authorized by patients. The Privacy Rule permits a health care provider to use and disclose protected health information with certain limits and protections, for treatment, payment, and health care operations activities. Reasonable safeguards and minimum necessary policies and procedures are expected such as:
- Speaking quietly when discussing a client’s condition with family members in a waiting room or public area
- Avoiding using client’s names in public areas
- Isolating/locking file cabinets or record rooms
- Providing passwords on computers maintaining personal information
Individuals who need access to protected health information to perform their job duties are allowed access. If an employee has access to a client’s protected health information and it is used for any reason other than that which is necessary for his/her job, a violation of the law may have occurred. Please review the following numbered points each semester with students
Students should be aware of the following:
1. Only persons authorized by the clinic director may gain access to the locked and key-padded File Room (117B) where the charts are locked and maintained. The Clinic Director oversees the access given to graduate students and practicum faculty who are enrolled in the semester of clinical practicum. ALL videotapes must remain in the department and not to be removed unless supervision is available. They are stored in the locked file room. They can be accessed with authorization from the clinical director and/or practicum supervisor.
2. Clients (adult or parent of the child) document their consent for evaluation and treatment through their signatures on the initial report, the original medical release of information, additional medical reports, attendance policy, and the final evaluation
3. Electronic information should never contain any identifying information (no names, birthdates, or other identifying information)
4. Any client documentation that a student is working on that has identification on it must be in locked areas only. Reports should not be left in unlocked areas.
5. Reports or other documentation with identifying information cannot be saved on the clinic computers. If saved on your flash drive/memory stick,theyshould not contain identifying information.
6. Reports or other documentation saved on memory sticks should not contain any identifying Information and if stored on memory sticks, should be erased after it has been used.
7. Working files with identifying information (SOAP notes, etc.) must be kept in a locked area when not directly being used. All other forms, schedules, documentation with client names must be kept confidential.
8. Client’s files must be used in the locked file room. Client files are maintained by the student clinician each semester. Duplicated reports are kept in a separate location in the LAB building and are not backed up on a computer for security purposes.
9. .Videotapes of clients are not to be removed from the locked file room unless authorized by the Clinic Director/Clinic supervisor for parent education and/or teaching purposes.
10. To ensure that client reports are filed, stored, and utilized in a manner that provides maximum confidentiality, each faculty member/graduate student signs this document biennially for the record of management procedures.
11. The clinic secretary has the only access to the scheduling of the clients each semester on her computer. The clinic secretary has a designated password that changes daily and the intake forms for these clients are stored in a locked cabinet in the clinic office.
If you are not sure of specific HIPAA rules, please consult with Dr. Wallach,
Compliance Office for the Communication Disorders Department. Violation of rules can result in serious penalties including termination in the department.
______
Printed Name of graduate student, SLPA, instructor, faculty member
Signature______Date______
Revised 2/11 E.Ward