HIPAA & Patient Confidentiality
All information related to the provision of home care for a specific patient is treated as confidential, including home care records. The Administrator is responsible for ensuring that the confidentiality and privacy policies and procedures are adopted and followed. At all times the Agency and staff will comply with the current regulations for the Health Information Portability and Accountability Act (HIPAA) for protected health information (PHI).
1. Lakeland Home Healthcare complies with applicable HIPAA rules and regulations.
2. Staff will treat any information obtained from patients, caregivers, physicians and other sources in a confidential manner.
3. Discussions of clinical information regarding patients will be limited to information essential to the provision of care and services to the patient.
4. All requests for specific patient information, other than that related to provision of services, are to be directed to the Director of Clinical Services. Only the Administrator or Director of Clinical Services is authorized to release protected health information.
5. When patients are mentioned in memos, minutes, QAPI reports, etc., they will be referred to by patient ID numbers.
6. If a patient’s information is to be published, the patient will be identified by initials or a pseudonym unless he/she specified otherwise.
7. Discussion of patient information in a public place is prohibited. If a public phone or patient’s home phone must be used, care is taken to assure privacy. Never discuss the care of one patient with another.
8. All written patient information is stored in the patient’s medical record. Charts are not removed from the office unless a specific reason has been identified and approved.
9. Home care records will not be left in unattended areas in the office, e.g., the reception area. All home care records will be kept stored in metal file cabinets to minimize the possibility of damage from fire and water. Charts will be protected against unauthorized corruption, damage and/or intrusion.
10. Persons who are not employees of the Agency do not have access to the office after normal business hours, e.g., cleaning service. However, all home care records will be maintained in locked metal file cabinets or a locked file room after normal business hours to decrease the likelihood of accessibility by such persons.
11. All staff will be educated during orientation regarding security measures with home care records. Such education will include: avoidance of charting in public places, not keeping record copies in car trunks overnight, not taking copies of one patient’s record into another patient’s home and returning records to file cabinets when finished.
12. Staff may copy any portions of the home care record for use in performing home visits. All staff are responsible for taking security measures to safeguard and protect all copies of home care records in their possession. When a home care staff member is no longer seeing a patient, the staff member is responsible for returning the copies of the home care record immediately to the office for disposal and/or destruction by the Agency.
13. Patients may access their record in accordance with HIPAA policies. At the time of admission, each patient will receive a copy of the Agency’s HIPAA Privacy Notice and an explanation of privacy rights.
14. The Agency maintains the confidentiality of OASIS data while it is being used for patient care and may not release it without the consent of the patient for any reason other than for what it is intended, which is to appropriately deliver patient care.
15. If the Agency contracts with a vendor for transmission of its OASIS data, a written agreement addressing the confidentiality of that data must be in place. Violations of data confidentiality by an entity contracted by the Agency are still the responsibility of the Agency and would constitute condition-level non-compliance. Therefore, the Agency is ultimately responsible for compliance with the confidentiality requirements and is the responsible party if the contractor does not meet the requirements.
16. For privacy and security reasons, communication of OASIS information (from branch to branch, branch to parent, parent to vendor, etc.) must be done in accordance with CMS policies on the communication of patient-identifiable information. Agencies must have processes in place to assure that access to and transfer and delivery of OASIS information is limited to only authorized personnel.
17. The other step in assuring confidentiality of the OASIS data is at the Federal level and involves the Federal Privacy Act of 1974. Coverage under the Federal Privacy Act begins when the data reaches the State agency. The Privacy Act requires that policies and procedures related to the collection of information be made available to the public describing the reasons for collecting OASIS data, what will be done with it and who will have access to it in an identifiable format. The Privacy Act puts into place certain processes that protect patient-identifiable data from unauthorized use and disclosure. Provisions of the Privacy Act as they relate to the collection of OASIS data are described in detail on the OASIS Statement of Patient Rights.