DRX2-5A – HIPAA POLICY

The client/patient has the right to a confidential client/patient record. The organization ensures this right and follows all policies and procedures to secure client/patient information. Confidentiality policies and procedures include, but are not limited to:

  • A definition of PHI and confidential information, and the types of information that are covered by the policy, including electronic information, telephone and cell phone communications, and verbal and faxed information
  • Persons/positions authorized to release PHI/EPHI and confidential information
  • Conditions that warrant its release
  • Persons to whom it may be released
  • Signature of the client/patient or someone legally authorized to act on the client’s/patient’s behalf
  • A description of what information the client/patient is authorizing the organization to disclose
  • Securing client/patient records and identifying who has authority to review or access clinical records
  • When records may be released to legal authorities
  • The storage and access of records to prevent loss, destruction, or tampering of information
  • The use of confidentiality/privacy statements and who is required to sign a confidentiality/privacy statement


  • The organization has clearly established written policies and procedures that address the areas listed above and are clearly communicated to staff.

    There is a signed confidentiality statement for all personnel and the governing body/owner as required in the organization’s policies and procedures. Personnel and the governing body/owner abide by the confidentiality statement and the organization’s policies and procedures. The organization designates an individual responsible for seeing that the confidentiality and privacy policies and procedures are adopted and followed.

    The individual contacting the client/patient for the first time will provide written information and will discuss confidentiality/privacy of client/patient-specific information as included in the Client/Patient Rights and Responsibilities statement. Documentation of receipt of confidentiality information is maintained in the client/patient record. Client/patient records contain signed release of information statements/forms when the organization bills a third-party payor or shares information with others outside the organization as required by the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws and regulations.

    In accordance with the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, any breach of the confidentiality of client/patient PHI must be investigated and the affected individuals must be notified that their health information was breached.