This then would include faxes, email, online databases, voicemail, and video recordings, as well as conversations among practitioners. Examples of identifiable health information include: ● Name or address – including city, state, and zip code. ● Social Security number. ● Dates related to birth, death, admission, discharge. ● Telephone and fax numbers. ● Email or URL addresses. ● Medical record numbers, account numbers, health plan beneficiary numbers. ● Vehicle identifiers such as drivers license numbers and license plate numbers. ● Full-face photographs distributed by the agency. ● Any other unique identifier, code, or characteristic used to identify clients that is protected under HIPAA. In addition to reasonable safeguards, covered entities are required to develop and implement policies and procedures that limit the sharing of protected health information and to implement them as appropriate for their practices. The policies must limit who has access to protected health information and specify the conditions under which it can be accessed and designate someone to be responsible for ensuring that procedures are followed (Privacy Officer). It may seem that the law serves only to place limits on the sharing of information. However, it does allow the sharing of protected health information as long the mental health worker takes reasonable precautions with the information. Some steps professionals can follow include: ● Ensure that protected health information is kept out of sight. This could mean keeping it in separate locked files, covering or turning over any material on your desk, or setting your computer to “go blank” after a minute or two in case you walk away. ● If you must discuss protected health information in a public area such as a waiting room, hospital hallway, or courtroom, make sure you speak quietly and others cannot overhear your conversation. If privacy cannot be assured, move to another area or schedule another time to discuss the information. ● Use email carefully. Make sure you send the information only to the appropriate people. Watch the “CC” lines to make sure your email is not copied to unauthorized parties. Use passwords and other security measures on computers. ● If you send a fax, don’t leave the material unattended. Make sure that all of the pages go through and check the fax numbers carefully to make sure the information is sent to the correct person. You should also add a disclaimer stating that the information in your fax is confidential. ● Avoid using client names in hallways, elevators, restaurants, etc., unless absolutely necessary. ● Post signs and routine review standards to remind employees to protect client privacy. ● Secure documents in locked offices and file cabinets. Note that there is another law, 42 CFR Part 2, which provides additional protections for clients receiving alcohol and drug treatment. Information is available at the Substance Abuse and Mental Health Services Agency (SAMHSA) website at https:// www.samhsa.gov/about-us/who-we- are/laws-regulations/ confidentiality-regulations-faqs This law applies to any program that engages in substance abuse education, treatment, or prevention and is regulated by or receives assistance from the federal government (Kunkel, 2012).
Although the SAMHSA (2019) Web page on this subject provides detailed legal information, some salient points are as follows: ● A client or patient who has signed a consent form allowing disclosure to multiple parties can revoke the consent to one or more of those parties. ● A single consent form can allow information to be exchanged for different purposes, such as treatment and management, but the form must specify the type and amount of information that can be disclosed to each of the recipients and the information disclosed must be solely for the purpose at hand. ● In the case of an immediate threat to the health and safety of the individual or the public, steps must be taken before information can be disclosed. These steps can include notification of medical personnel in the case of an emergency or notification of the police if a crime against program personnel or a crime on program property poses a threat to an individual. The information that can be disclosed is limited, however, to such facts as name, address, last known whereabouts, and status as a patient in the program. ● The restrictions on disclosure do not apply in the case of child abuse or neglect, except that “restrictions continue to apply to the original alcohol or drug abuse patient records maintained by the program including their disclosure and use for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect [42 CFR 2.12 (c) (6)].” ● In certain circumstances, the Court can order a disclosure. Recently, Congress has attempted to override some of the confidentiality regulations in 42 CFR Part 2, with the introduction and reintroduction of the Overdose Prevention and Patient Safety Act. The purpose of this Act, which was proposed in reaction to the opioid crisis, is to bring confidentiality requirements for substance abuse records closer in line with those for other medical records (Walden, 2019). According to the American Society of Anesthesiologists (2019), this Act, if passed, would provide them with more information to help them to more safely treat patients. In 2009, President Barack Obama signed into law the Health Information and Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment (ARRA) Act. The goal of HITECH was to improve health care through the use of updated information technologies (Witten, 2018). This Act provided financial incentives that led to the wider use of electronic health records. The purpose of greater and more efficient use of electronic records was: ● Empowerment of clients and patients. ● Better outcomes. The HITECH Act also added strength to the HIPAA Privacy and Security Rules (HIPAA Journal, 2018), clearing up confusion about protecting health information. Some ways that HITECH strengthened HIPAA included making business associates of HIPAA-covered entities accountable for HIPAA violations, increasing the penalties for HIPAA violations, and enabling clients or patients to obtain their own health records. This Act also required that clients and patients be notified if their health information was exposed in a security breach. Although the HITECH Act does not offer incentives to behavioral health professionals, it represents the future of healthcare privacy regulations, and some states are already expecting all providers to switch to electronic record keeping (Boyd, 2020). ● Greater transparency and efficiency. ● Improvements in population health. ● Acquisition of data on health systems.
SUPERVISION AND CONSULTATION
Mental health supervision and management generally include three primary aspects of the supervisory role: 1. Administration. 2. Support.
3. Education. (Kadushin & Harkness, 2014)
While the supervisor of mental health work is forced to be increasingly involved in the administrative and political realm,
EliteLearning.com/Social-Work
Book Code: SWTX1524
Page 44
Powered by FlippingBook