Professional Ethics and Law in California, 2nd Edition _ ____________________________________________
In addition to reasonable safeguards, covered entities are required to develop and implement policies and procedures that limit the sharing of protected health information and to implement them as appropriate for their practices. The poli- cies must limit who has access to protected health information and specify the conditions under which it can be accessed and designate someone to be responsible for ensuring that procedures are followed (privacy officer). It may seem that the law serves only to place limits on the sharing of information. However, it does allow the sharing of protected health information as long the mental health worker takes reasonable precautions with the information. Some steps professionals can follow include: • Ensure that protected health information is kept out of sight. This could mean keeping it in separate locked files, covering or turning over any material on your desk, or setting your computer to “go blank” after a minute or two in case you walk away. • If you must discuss protected health information in a public area such as a waiting room, hospital hallway, or courtroom, make sure you speak quietly and others cannot overhear your conversation. If privacy cannot be assured, move to another area or schedule another time to discuss the information. • Use email carefully. Make sure you send the information only to the appropriate people. Watch the “CC” lines to make sure your email is not copied to unauthorized parties. Use passwords and other security measures on computers. • If you send a fax, don’t leave the material unattended. Make sure that all of the pages go through and check the fax numbers carefully to make sure the information is sent to the correct person. You should also add a disclaimer stating that the information in your fax is confidential. • Avoid using client names in hallways, elevators, restaurants, and other places, unless absolutely necessary. • Post signs and routine review standards to remind employees to protect client privacy. • Secure documents in locked offices and file cabinets. Note that there is another law, 42 CFR Part 2, which provides additional protections for clients receiving alcohol and drug treatment. Information is available at the Substance Abuse and Mental Health Services Agency (SAMHSA) web- site at https://www.samhsa.gov/about-us/who-we-are/laws- regulations/confidentiality-regulations-faqs. Although the SAMHSA (2019) webpage on this subject provides detailed legal information, some salient points are as follows:
• A client or patient who has signed a consent form allowing disclosure to multiple parties can revoke the consent to one or more of those parties. • A single consent form can allow information to be exchanged for different purposes, such as treatment and management, but the form must specify the type and amount of information that can be disclosed to each of the recipients and the information disclosed must be solely for the purpose at hand. • In the case of an immediate threat to the health and safety of the individual or the public, steps must be taken before information can be disclosed. These steps can include notification of medical personnel in the case of an emergency or notification of the police if a crime against program personnel or a crime on program property poses a threat to an individual. The information that can be disclosed is limited, however, to such facts as name, address, last known whereabouts, and status as a patient in the program. • The restrictions on disclosure do not apply in the case of child abuse or neglect, except that “restrictions continue to apply to the original alcohol or drug abuse patient records maintained by the program including their disclosure and use for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect [42 CFR § 2.12 (c)(6)].” • In certain circumstances, the Court can order a disclosure. Recently, Congress has attempted to override some of the confidentiality regulations in 42 CFR Part 2, with the introduction and reintroduction of the Overdose Prevention and Patient Safety Act. The purpose of this act, which was pro- posed in reaction to the opioid crisis, is to bring confidentiality requirements for substance abuse records closer in line with those for other medical records (Walden, 2019). According to the American Society of Anesthesiologists (2019), this act, if passed, would provide them with more information to help them to more safely treat patients. In 2009, President Barack Obama signed into law the Health Information and Technology for Economic and Clini- cal Health (HITECH) Act, as part of the American Recovery and Reinvestment (ARRA) Act. The goal of HITECH was to improve health care through the use of updated information technologies (Witten, 2018). This Act provided financial incen- tives that led to the wider use of electronic health records. The purpose of greater and more efficient use of electronic records was: • Empowerment of clients and patients • Better outcomes • Greater transparency and efficiency
42
EliteLearning.com/Psychology
Powered by FlippingBook