Confidentiality of Health Information Policy
Authority: President
Date Enacted or Revised: Enacted June 2016; Revised April 14, 2022; August 1, 2024; July 7, 2025
Purpose
This policy guides McNeese State University entities that deal with providing healthcare services that are considered “covered entities” under the Health Insurance Portability and Accountability Act (HIPAA). The policy is a general guideline for employees who work in areas that provide healthcare services and create records for healthcare purposes. The protection of a client’s private health information is a paramount objective of McNeese State University. McNeese employees, interns, and clinical/practicum students whose work involves the provision of healthcare or healthcare training must review HIPPA regulations and sign a Healthcare Information Confidentiality Form.
HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as HIPAA, is a federal law relating to the delivery of healthcare. HIPAA provides a federal framework for the privacy and protection of individually identifiable medical records and other health information. The privacy law sets boundaries on medical record use and release, provides for safeguards to ensure security of personal health information, and provides for accountability for the use and release of medical records.
Employees in supervisory roles at McNeese State University whose work involves the provision of healthcare or healthcare training shall be informed about and ensure the communication of and compliance with this policy to employees and students. Students in training with external healthcare providers must comply with HIPAA and the expectations of the healthcare agency. All clients who receive healthcare provided by McNeese employees must be informed in writing of the rights afforded them by HIPAA.
Confidentiality of Health Information and Client’s Rights
Persons (hereafter referred to as “clients”) who receive healthcare services and for whom a health record is created by McNeese have certain rights regarding healthcare information. McNeese employees whose work involves the provision of healthcare or healthcare training must adopt routine procedures to inform clients of these rights and obtain the client’s signature regarding receipt of the information. Signed HIPPA documents must be retained in the client’s health record and available for review.
Right to Access Protected Information
Clients receiving healthcare or related services provided by McNeese entities or employees have the right to review or obtain copies of the information contained in their health-related files, with some limited exceptions. If a recipient of healthcare feels that any information McNeese maintains about them is incorrect or incomplete, the person may request the information be amended or corrected. Requests for corrections of information other than basic demographic information (e.g., incorrect address) must be made in writing and must include the reason an amendment or correction is sought. The request may be denied if, for example, the request asks for an amendment to information that McNeese or its employees did not create or if the request is to amend a record that is accurate and complete. Written notification about the status of the request will be provided to the person making the request and maintained in the person’s health record.
Right to Receive Confidential Information
Health services recipients have the right to request that McNeese use a certain method of communicating with them (e.g., by telephone only) or that McNeese send confidential information only to a certain location (e.g., only to the home). McNeese employees will make every effort to comply with the request if it is reasonable and put in writing.
Right to Expect Restrictions on the Use and Disclosure of Confidential Information
Confidential health information will be disclosed only to individuals or agencies for which a client has given written permission. A client’s information is not disclosed to any unauthorized persons, including family and friends, unless the client or the client’s representative gives written permission for the disclosure. The identity of individuals who request information will be verified. Confidential information is not transmitted electronically (i.e., by email). If necessary to transmit information to others, all clinical services reports are mailed to the client and/or to individuals or facilities designated by the mailing address provided by the client.
Right to Expect Confidentiality of Records Maintained by the University
Health services or clinical records are maintained in secured rooms and in locked file cabinets with access limited to authorized individuals. Clinical records are not removed from the health service provider’s files or office. Students-in-training have access only to the records of clients for whom they have been assigned to provide clinical services under the direct supervision of certified and licensed University faculty or staff members. Every effort is made to keep oral communication with or about a client’s health as private as circumstances allow (e.g., no discussions are held in hallways or other public spaces). Information about clients is not posted in the building (e.g., clinical schedules, charts showing results of activities, etc.).
Right to Expect Confidentiality of Records That May be Used for Approved Research Purposes
As allowed by law, McNeese may use client information for research purposes when the research project has been approved by the McNeese State University Human Subjects Institutional Review Board who will have reviewed the research proposal and established protocols to ensure the privacy of client information. No information that could identify a client in any way will be used in any research project.
Right to Revoke Authorization
Clients have a right to revoke authorization in writing at any time for information to be released to certain individuals or agencies.
Right to Discuss the Use and Disclosure of Personal Information
If a client believes that their privacy rights have been violated, the client should discuss the issue with the supervisor or the dean of support and advocacy. Questions may be directed to the Office of Student Services at (337) 475-5609.
Communication
This policy is distributed via the University Policies webpage.