Confidentiality of Health Information Policy

Authority: President
Date Enacted or Revised: Enacted June 2016; Revised April 14, 2022


This policy guides McNeese State University entities that deal with providing healthcare services that are considered “covered entities” under the Health Insurance Portability and Accountability Act (HIPAA). The policy is a general guideline, and employees who work in areas that provide healthcare services and create records for healthcare purposes must ensure compliance with HIPAA. The protection of a client’s private health information has been and will remain a paramount objective of McNeese State University. McNeese employees, interns, or clinical/practicum students must sign a Healthcare Information Confidentiality Form.

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (PL 104-191), also known as HIPAA, is a federal law with various sections relating to the delivery of healthcare. As mandated by law, HIPAA established a federal framework for the protection of individually identifiable health information. The privacy rule establishes standards to protect an individual’s medical records and other health information. The privacy law, among other things, allows for more consumer control over health information, sets boundaries on medical record use and release, provides for safeguards to ensure security of personal health information, and provides for accountability for the use and release of medical records.

Employees at McNeese State University whose work involves the provision of healthcare or healthcare training shall be informed about and ensure the communication of and compliance with this policy to employees and students. It is expected that students in training with external healthcare providers will comply with HIPAA and the expectations of the healthcare agency. In addition, all clients who receive healthcare provided by McNeese employees must be informed in writing of the rights afforded them by HIPAA.

Confidentiality of Health Information and Client’s Rights

Persons (hereafter referred to as “clients”) who receive healthcare services and for whom a health record is created by McNeese have certain rights regarding the healthcare information. McNeese expects offices that provide healthcare to inform clients of these rights and obtain the client’s signature regarding receipt of the information.

Right to Access Protected Information

Clients receiving healthcare or related services provided by McNeese entities or employees have the right to review or obtain copies of the information contained in their health-related files, with some limited exceptions. If a recipient of healthcare feels that any information McNeese maintains about them is incorrect or incomplete, the person may request the information be amended or corrected. Requests for corrections of information other than basic demographic information (e.g., incorrect address) must be made in writing and must include the reason an amendment or correction is sought. The request may be denied if, for example, the request asks for an amendment to information that McNeese or its employees did not create or if the request is to amend a record that we believe is already accurate and complete. Written notification about the status of the request will be provided to the person making the request.

Right to Receive Confidential Information

Health services recipients have the right to request that McNeese use a certain method of communicating with them (e.g., by telephone only) or that McNeese send confidential information only to a certain location (e.g., only to the home). McNeese employees will make every effort to comply with the request if it is reasonable and put in writing.

Right to Expect Restrictions on the Use and Disclosure of Confidential Information

Confidential information will be disclosed only to individuals or agencies for which a client has given written permission. A client’s information will not be disclosed to any unauthorized persons, including family and friends, unless the client or the client’s representative gives written permission for the disclosure. The identity of individuals who request information will be verified. Confidential information is not transmitted electronically (i.e., by email). If necessary to transmit information to others, all clinical services reports are mailed to the client and/or to individuals or facilities designated by the client.

Right to Expect Confidentiality of Records Maintained by the University

Health services or clinical records are maintained in locked rooms and in locked file cabinets with access limited to authorized individuals. Clinical records are not removed from the health service provider’s files or office. Students-in-training have access only to the records of clients for whom they have been assigned to provide clinical services under the direct supervision of certified and licensed University faculty or staff members. Every effort is made to keep oral communication with or about a client’s health as private as circumstances allow (e.g., no discussions are held in hallways or other public spaces). Information about clients is not posted in the building (e.g., clinical schedules, charts showing results of activities, etc.).

Right to Expect Confidentiality of Records That May be Used for Approved Research Purposes

As allowed by law, McNeese may use client information for research purposes when the research project has been approved by the McNeese State University Institutional Review Board who will have reviewed the research proposal and established protocols to ensure the privacy of client information. No information that could identify a client in any way will be used in any research project.

Right to Revoke Authorization

Clients have a right to revoke authorization in writing at any time for information to be released to certain individuals or agencies.

Right to Discuss the Use and Disclosure of Personal Information

If a client believes that their privacy rights have been violated, the client should discuss the issue with the supervisor or the dean of student services. Questions may be directed to the Office of Student Services, (337) 475-5609.


This policy is communicated via the University Policies webpage.