Confidentiality Policy and Mitigation for Site with Multiple Services
Pacific Solstice exists to improve public health by treating substance use disorders and dual diagnosis needs effectively and affordably. Treatment begins with privacy and individualized care. Pacific Solstice Policy, Client HIPAA Confidentiality Guidelines, helps describe specific measures to ensure every client is treated privately and comfortably regardless of the service(s) scheduled to receive. This Policy addresses how and why patients will not mix and deliver care distinct by license or certification. All documents received and produced regarding a resident's medical and mental state, as well as the treatment of such illnesses, are covered by the Confidentiality Policy. It also relates to how such services are billed and paid for.
Pacific Solstice manages the client and the client’s files and information in accordance with HIPAA and Part 2 of Title 42 of the Code of Federal Regulations, and when state funds are used, Health and Safety Code, Sections 11812(c) and 11977. A copy of the federal regulations shall be available at each program. The federal regulations we adhere to are from:
Superintendent of Documents
U. S. Government Printing Office
Washington, D.C. 20402
Confidentiality Objectives and Plan
Every patient shall receive distinct services based on their service schedule and treatment plan. Both are separated by license or certification type in terms of placement, staff training and secure technology.
Upon arrival, patients shall be situated in their respective group room, rather than sitting in the waiting area. This avoids patients sitting together and learning about why others are here and what specifically someone else is here to receive. Further, any breach of confidentiality is mitigated by a sign in sheet with only initials. Last, patients receiving various services are not mixed together in any appointment or group, including family groups.
Honor the trust and privacy of all patients. Utilize Pacific Solstice Orientation, Learning Management System Modules and Procedures as the Guide to Client Confidentiality, ensuring programs and services do not mix in the service milieu.
Client files shall be accessible only to authorized personnel.
Pacific Solstice resources and communications systems (computer, phone, etc) are to be used for business purposes only and the EHR separates the locations of DHCS services from that of any DSS services. A location is based on the certification or license, not a physical location. As services are separated in different wings and different groups and with separated staff (staff services under a DHCS certification have different duties and roles than staff services under a DSS license), the EHR distinguishes a location for DHCS services as a different and distinct location for DSS services.
You have specific rights when it comes to your health information. This section discusses your rights as well as some of our obligations to assist you.
- Get an electronic or paper copy of your medical record
- You have the right to view or obtain a print or electronic copy of your medical record and any other health information we hold about you. Inquire with us about how to accomplish this.
- We will provide you a copy or a summary of your medical records within 30 days of receiving your request. We may charge a cost-based fee that is appropriate.
- Ask us to correct your medical record
- You have the right to request that we correct any health information about you that you believe is inaccurate or incomplete. Inquire with us about how to accomplish this.
- If we decline your request, we will explain why in writing within 60 days.
- Request confidential communications
- You can request that we contact you in a certain manner (for example, via phone at your home or at your office) or that we send mail to a different address.
- All reasonable demands will be granted.
- Ask us to limit what we use or share
- You have the right to request that specific health information not be used or shared for treatment, payment, or our operations. We are not obligated to comply with your request, and we may decline if it will compromise your care.
- If you pay for a service or health care item in full out of pocket, you can ask us not to disclose such information with your health insurance for the purpose of payment or our operations. Unless a law forces us to divulge that information, we will say "yes."
- Get a list of those with whom we’ve shared information
- You have the right to request a list (accounting) of the times we've shared your health information in the six years leading up to the date you're requesting it, as well as who we shared it with and why.
- All disclosures shall be included, with the exception of those related to treatment, payment, and health-care operations, as well as certain other disclosures (such as any you asked us to make). We'll give one free accounting every year, but if you need another within a year, we'll charge a reasonable, cost-based price.
- Get a copy of this privacy notice
- Even though you have accepted to receive this notice electronically, you can request a physical copy at any time. We will send you a printed copy as soon as possible.
- Choose someone to act for you
- If you have granted someone medical power of attorney or designated someone as your legal guardian, they can exercise your rights and make decisions about your health information.
- Before we take any action, we'll double-check that the individual has this authority and may act on your behalf.
- File a complaint if you feel your rights are violated
- You can make a complaint with the Office for Civil Rights of the United States Department of Health and Human Services by writing to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or going to hhs.gov/ocr/privacy/hipaa/complaints/.
- We will not retaliate against you for filing a complaint.
You can tell us anything you don't want us to disclose about your health information. Talk to us if you have a clear preference for how we disclose your information in the conditions listed below. Tell us what you want us to do, and we'll accomplish it according to your requests.
You have the right and the option to instruct us to:
- Share information with your family, close friends, or others engaged in your care
- Share information in a disaster relief situation
- Include your information in a hospital directory in certain situations
If you are unable to express your wishes, such as if you are unconscious, we may disclose your information if we believe it is in your best interests. We may also disclose your information if we believe it is necessary to address a significant and urgent harm to your health or safety.
We never disclose your information in these situations unless you give us written permission:
- For marketing purposes
- For the sale of your information
- Most sharing of psychotherapy notes
In the case of fundraising:
- We may contact you for fundraising purposes, but you have the option of telling us not to contact you again.
Purpose of Use and Disclosure
Pacific Solstice will only disclose confidential information with your expressed consent.
All content maintained in Company IT resources and communications systems are the property of the Company. Therefore, associates should have no expectation of privacy in any message, file, data, document, facsimile, telephone conversation, social media post, conversation, or any other kind or form of information or communication transmitted to, received, or printed from, or stored or recorded on Company electronic information and communications systems. Staff will not share EHR data with a patient, unless it is secure and not exposed to the general milieu.
The Company reserves the right to monitor, intercept, and/or review all data transmitted, received, or downloaded over Company IT resources and communications systems in accordance with applicable law. Management will periodically check information flow to ensure different, specified, distinct locations, with no reference one to the other. Any individual who is given access to the system is hereby given notice that the Company will exercise this right periodically, without prior notice and without prior consent.
The interests of the Company in monitoring and intercepting data include, but are not limited to:
- protection of Company trade secrets
- proprietary information, and similar confidential commercially-sensitive information (i.e. financial or sales records/reports, marketing or business strategies/plans, product development, customer lists, patents, trademarks, etc.)
- managing the use of the computer system
- assisting associates in the management of electronic data during periods of absence
Confidentiality regarding employee phone use (answering the phone and information the associate may volunteer) adheres to HIPAA and Part 2 of Title 42 of the Code of Federal Regulations, and when state funds are used, Health and Safety Code, Sections 11812(c) and 11977.
Associates should not interpret the use of password protection as creating a right or expectation of privacy, nor should you have a right or expectation of privacy regarding the receipt, transmission, or storage of data on Company IT resources and communications systems.
Associates may not use Company IT resources and communications systems for any matter that you would like to be kept private or confidential. The EHR is the only means to protect patient safety and privacy.
Instead of whiteboard or iPad displaying anything about patients, these matters are private between the client and their counselor or therapist and are stored in the EHR.
Confidentiality regarding files adheres to HIPAA and Part 2 of Title 42 of the Code of Federal Regulations, and when state funds are used, Health and Safety Code, Sections 11812(c) and 11977.
It is the policy of Pacific Solstice to ensure the appropriate use of information and to maintain and uphold all regulations regarding that of client confidentiality. Confidentiality of both written and verbal communication must be maintained at all times.
Permitted Uses and Disclosures
It is the policy of Pacific Solstice that all clients, visitors, staff, consultants, or any other person(s) visiting or participating within the program, strictly abide by and adhere to the rules and regulations pertaining to the safeguarding of confidentiality of clients and any information related to such. Confidentiality of both written and verbal communication must be maintained at all times. Federal Law protects client information and confidentiality. Federal Regulations (Title 42 CFR, Part 2.1-2.67-1) prohibit anyone from making disclosure of information without the specific written consent of the person whom it pertains to, or as otherwise permitted by law.
- Any individual working in the Pacific Solstice treatment program will receive; have access to, create documents, records and information of a confidential and proprietary nature to Pacific Solstice and its customers. During the course of a staff member’s performance of service such information shall only be used in the performance of one's duties directly with Pacific Solstice
- All individuals agree not to use, disclose, communicate, copy or permit the use of any such information to any third party in any manner whatsoever, except to existing employees, stall; independent contractors, or other member of the treatment team at Pacific Solstice OR as otherwise directed by the written consent of tie client in the course of their treatment. OR as for those reason (s) stipulated by any state or federal rules and regulatory guidelines.
- All clients are provided with the statement and acknowledgement for the regulations regarding their right to confidentiality upon admission to the program. (See "Client Rights"').
- All employees, Board Members, Independent Contractors and Volunteers are informed of the rules and regulations regarding confidentiality upon hire. All staff signs a document that they have received a copy of the regulations regarding confidentiality and understand and agree to abide by such rules.
- Staff members are not allowed to acknowledge whether an individual is or is not in the treatment, unless a “Consent to Release Information” is on file for the person(s) inquiring. The consent on file is located in the client chart and contains whom the information is released to, what type of information can be released, the purpose of the release, and the date the consent is to be revoked. Clients have the right to revoke consents at any time.
- All program staff will keep all client information private. Both written and verbal information must remain confidential between the client and the staff. It is the responsibility of the administrative staff to remind the client care staff of the importance of confidentiality.
- Confidentiality will also apply to telephone conversations, faxes, email, social media, blogs, and inquiries from the family and the public unless disclosure is authorized.
- Violation of a client’s confidentiality constitutes a breach of the client’s rights and can result in immediate dismissal.
- An exception to this policy is the event of threats to another person, to comply with the Tarasoff responsibility to others and where State and Federal laws and Regulations mandate that certain crimes be reportable i.e., child, elderly or domestic abuse, and the intent to harm self or someone else.
- We are obligated by law to keep your protected health information private and secure.
- If a breach happens that compromises the privacy or security of your information, we will notify you as soon as possible.
- This notice outlines our obligations and privacy policies, and we must provide you with a copy.
- Unless you give us written permission, we will not use or disclose your information in ways other than those mentioned above. You have the right to alter your mind at any moment if you tell us we can. If you change your mind, please notify us in writing.
If you have any questions, other concerns or would like to learn more about our privacy practices, please contact:
Date of the policy’s effectivity: July 1, 2020