It Is the Policy of CETPA, Inc. to Protect the Privacy of Individually Identifiable Health

POLICY TITLE:
HIPAA Disclosure of Health Information with Authorization / POLICY #:
6.04 / PAGE 1 of 2
CATEGORY:
Rights of Persons Served / POLICY #:
6.04 / PAGE1 of2
POLICY TITLE:
HIPAA Disclosure of Health Information with Authorization (Release of Information) / ISSUED:
July 1, 2002 / LAST REVISED:
April 4, 2016
WRITTEN BY:
Norma Zuniga-Cardoza, COO / APPROVED BY:
Pierluigi Mancini, Ph.D., NCAC II, CEO

Policy:

It is the policy of CETPA, Inc. to protect the privacy of individually identifiable health information in compliance with federal and state laws governing the use and disclosure of protected health information (PHI) and confidentiality.

It is also the policy of CETPA to provide for the client’s voluntary authorization for use or disclosure of his or her PHI. Any authorized disclosure/release of client PHIwill be time limited, and specify the exact PHI to be disclosed, and to whom.

Procedure:

1. Authorization for the disclosure of protected health information (PHI) should normally be sought using the Release of Information, written in plain language and specifying:

1. The full name of the client;
2. Type of Authorization
3. Release to;
4. Obtain from;
5. Communicate with
6. The name, address and phone number of person and/or agency to whom the PHI is to be disclosed;
7. A specific description of the PHI to be disclosed;
8. The purpose or need for the disclosure of PHI;
9. A statement that the authorization is subject to revocation in writing by the client at any time unless protected health information has already been disclosed;
10. A description of how to revoke;
11. A statement that with the exception of information relating to substance abuse, the information disclosed may be subject to re-disclosure by the recipient and no longer protected by the Privacy regulations of HIPAA;
12. The witnessed signature of client or authorized representative, and the date of signature.
13. If signed by a representative, a description of the authority of that person to act for the client;

1. Any disclosures that occur shall be limited to the minimum amount of information necessary to meet the purpose of the use or disclosure. Exceptions to the minimum necessary requirement are as follows:
2. When the client authorizes the disclosure.
3. Disclosures required by law.
4. PHI may only be disclosed without authorization in the followingsituations:
5. To a public health authority (audits, investigations, inspections, and licensure);
6. To report child abuse/neglect situations, and other situationsinvolving abuse, neglect or domestic violence (if disclosure isallowed by law);
7. To judicial or administrative proceedings (lawsuits, subpoenas);
8. To law enforcement (but only in certain circumstances; includingwhen they present a grand jury subpoena; information concerning forensic clients; to locate a missing person, suspect, or fugitive; or at the discretion of the head of the facility when the information isrequested to assist law enforcement in their investigation;
9. To avert a serious threat to health or safety;
10. Governmental functions (such as national security; veteransinformation);
11. To medical examiners and coroners;
12. To funeral directors;or
13. As required by law.

Attachment:Release of Information Form

6.04