Skip to main content

Confidentiality of Health Information Policy

Confidentiality of Health Information Policy

Authority: 
Academic and Student Affairs
Date enacted or revised: 
Enacted June 2016

Purpose

The Confidentiality of Health Information Policy guides McNeese State University entities that deal with providing health care services that are considered “covered entities” under HIPAA.   The policy is a general guideline, and employees who work in areas that provide health care services and create records for health care purposes( must ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA).  The protection of a client’s private health information has been and will remain a paramount objective of McNeese State University.   McNeese employees, interns, or clinical/practicum students must sign the Health Care Information Confidentiality Form.
 
 
HIPAA Compliance
 
The Health Insurance Portability and Accountability Act of 1996 (PL 104-191), also known as HIPAA, is a Federal law with various sections relating to the delivery of health care.  As mandated by law, HIPAA established a federal framework for the protection of individually identifiable health information.  The privacy rule establishes standards to protect an individual’s medical records and other health information.  The privacy law, among other things, allows for more consumer control over health information, sets boundaries on medical record use and release, provides for safeguards to ensure security of personal health information, and provides for accountability for the use and release of medical records.
 
Employees at McNeese State University whose work involves the provision of health care or health care training shall be informed about and ensure the communication and compliance with this policy to employees and students.  It is expected that students in training with external health care providers will comply with the HIPAA law and the expectations of the health care agency.  In addition, all clients who receive health care provided by McNeese employees must be informed in writing of the rights afforded them by the HIPAA law.
 
Confidentiality of Health Information and Client’s Rights
 
Persons (hereafter referred to as “clients”) who receive health care services and for whom a health record is created by McNeese have certain rights regarding the health care information.   McNeese expects offices that provide health care inform clients of these rights and obtain the client’s signature regarding receipt of the information. A sample template for client signature is provided.
 
Right to Access Protected Information
Clients receiving health care or related services provided by McNeese entities or employees have the right to review or obtain copies of the information contained in their health related files, with some limited exceptions.   If a recipient of health care feels that any information McNeese maintains about them is incorrect or incomplete, the person may request the information be amended or corrected.   Requests for corrections for other than basic demographic information (for example, incorrect address), must be made in writing and must include the reason an amendment or correction is sought.  The request may be denied if, for example, the request asks for an amendment to information that McNeese or its employees did not create or if the request is to amend a record that we believe is already accurate and complete.   Written notification about the status of the request will be provided to the person making the request.
 
Right to Receive Confidential Information.
Health services recipients have the right to request that McNeese use a certain method of communicating with them (for example, by telephone only) or that McNeese sends confidential information only to a certain location (for example, only to the home).   McNeese employees will make every effort to comply with the request if it is reasonable and put in writing. 
 
Right to Expect Restrictions on the Use and Disclosure of Confidential Information
Confidential information will be disclosed only to individuals or agencies for which a client has given written permission.  A client’s information will not be disclosed to any unauthorized persons, including family and friends, unless the client or the client’s representative gives written permission for the disclosure.  The identity of individuals who request information will be verified.   Confidential information is not transmitted electronically (that is, by email).  If necessary to transmit information to others, all clinical services reports are mailed to the client and/or to individuals or facilities designated by the client. 
 
Right to Expect Confidentiality of Records That are Maintained by McNeese State University
 
Health services or clinical records are maintained in locked rooms and in locked file cabinets with access limited to authorized individuals.  Clinical records are not removed from the health service provider’s files or office.  Students-in-training have access only to the records of clients for whom they have been assigned to provide clinical services under the direct supervision of certified and licensed McNeese State University faculty or staff members.  Every effort is made to keep oral communication with or about a client’s health as private as circumstances allow (for example, no discussions are held in hallways or other public spaces).  Information about clients is not posted in the building (for example, clinical schedules, charts showing results of activities, etc.).
 
Right to Expect Confidentiality of Records That May be Used For Approved Research Purposes
 
As allowed by law, McNeese may use client information for research purposes when the research project has been approved by the McNeese State University Institutional Review Board who will have reviewed the research proposal and established protocols to ensure the privacy of client information.  No information that could identify a client in any way will be used in any research project. 
 
Right to Revoke Authorization
 
Clients have a right to revoke authorization in writing at any time for information to be released to certain individuals or agencies.
 
Right to Discuss the Use and Disclosure of Personal Information
 
If a client believes that his/her privacy rights have been violated, the client should discuss the issue with the supervisor or the assistant vice president for university services.  Questions may be directed to the Office of University Services, 337-475-5607.
 
Communication

This policy is communicated via the University Policy Page and campus digest.