health information management policy manual example

 

Center for Cancer Research

CCR Home About CCR CCR Intranet

 

 

Laboratory of Pathology

LP Home

Clinical Services

Basic Sciences

Training

LP Staff

Accessibility of Web Site

Policy Manual Main Page

LP Forms and Checklists

Patient Privacy Policy Sections

Overview of Patient Privacy Policy

Examples of Protections/Controls for
 Disclosing Private Information on
 LP Patients

Definitions

Information Life Cycle for LP

Notification of, or access to records

Procedure for correction or
 amendment and appeals
 of refusals to correct records

Parents and Guardians

Fees

Employee Standards of Conduct

Other Privacy Information

References

Appendices

Authorization for the Release
of Medical Information
(Form: NIH-527)

Materials Forms

Cytopathology

Hematopathology

Surgical Pathology

Internal Authorization for the
 Release of Medical Information
 Materials

CC Medical Facsimile Cover Sheet

Encrypted Email Procedures

PATIENT PRIVACY POLICY

EXAMPLES OF PROTECTIONS/CONTROLS FOR DISCLOSING
PRIVATE INFORMATION ON LP PATIENTS

Disclosure Method

Protections / Controls

Collection of personal information

 

Privacy Act Notification Statement

 

Requestor of diagnostic tests obtains patient consent.

Verbal (e.g., face to face)

Do not disclose private information in public places (e.g.,
corridors, elevator, cafeteria, etc).

A pathologist may use professional judgment based on his/her
relationship with the physician (or patient) when releasing
information about the patient.

A pathologist may choose to request written consent from the
patient before releasing information. See Appendix A & B, for
forms.

Telephone

Do not disclose private information on voice mail or answering
machines.

Do not disclose information outside the department, without
consent, if it is not compatible with the purpose for which the
record was collected.

A pathologist may grant notification/access based on professional
judgment and personal relationship with the patient (or patient’s
physician) when the identity of the patient can be confirmed with
particulars that parallel the record to which access is being
sought (e.g., DOB, Case #, SSN, etc), when the disclosure of such
records is for the benefit of the patient. Document these actions
in patient’s chart with a written note, or a copy of the FAX
communication, or use the “Internal Authorization for the Release
of Medical Information/Materials” (Appendix C).

See verbal protections (above) for related information.

FAX

Use Secured FAX machines and coversheet with confidentiality
statement.

Confirm fax number is correct.

Use CC Fax Coversheet (see Appendix D) to send facsimiles outside
 NIH.

Send copy of coversheet to Medical Records.

See telephone protections (above) for related information.

E-Mail/Intranet

Use encryption and/or password protection.

When using password protection, disclose password over the phone
(not via E-mail).

Mail/Courier

Do not write private information on the outside of a package or
envelope.

Follow policies in LP Safety Manual for shipping diagnostic
materials.

Mail service and courier contractors must comply with privacy
regulations.

LIS/CRIS

All users sign confidentiality agreement.

Future changes will be implemented with CRIS activation (replaces
CRIS) to address new HIPPA regulations.

Record Sharing and Storage

As directed by pathologist, physician or the patient, the
patient’s records (reports, slides, blocks, etc) may be provided
to other healthcare providers, for the benefit of the patient;
however, all actions must be documented per office procedures.

All records must be locked in cabinets or locked in a room.

Retain documentation of release of records for 5 years or for the
life of record, whichever is longer.

When destroying records containing private information, use the
secure paper-shredding program.

Off site record storage facilities (e.g., EPL) must comply with
privacy regulations.

Court Litigation

Release information on NIH patients only through the Medical
Records Department.

Release information on non-NIH patients (submitted cases) only
after verifying that proper patient authorization is included.

Research Requests

Refer to LP Policy: Request for Human Biological Materials.

This applies to materials, records, and information.

Mission & Management

It is okay to discuss private information to carry out the
objectives of the mission of LP (e.g., for diagnosis, research,
training, discussions between healthcare providers, etc), which is
compatible with the purpose for which the record was collected.

Information may be used for the management of the LP practice
(e.g., monitor service, handle complaints, plan or evaluate
accreditation activities, quality improvement, or for training
purposes, etc).

Information may also be disclosed to medical experts for
medico-legal opinions, for example, in reporting adverse
incidents. Information may also be disclosed to a lawyer for
anticipated or existing legal proceedings.

Patient Contact

A patient should obtain lab results through his/her own
healthcare provider so that they can explain the results in the
context of their health care; however, a patient may access the
information through the LP.

A patient may discuss how LP handles information about them, but
they should speak to their healthcare provider first.

Review rules regarding parents and guardians if they contact you.

Refer NIH patients to Medical Records or provide appropriate
request form (Appendix A & B).

Last Updated 12/28/2009 10:52:06 AM

 

About CCR Clinical Trials	Research Employment Initiatives
News Events Site Privacy	Policy Accessibility

and look of before could most been again be! for no what
other do myself yours while that being between that
health information management policy manual example own from who each surely more only here health information management policy manual example see through and our
should too further very further how
go there! his how did
that should be there own off i such
their when before his my which who with did out
own against by these by
down visit - was their
she any after other were or my health information management policy manual example most and health information technology with new radiology updates him its
under you a know so their than yours over
were off are yourself of we not with few any up
before by themselves only see through
should health information management policy manual example as most does look into should with
up your disadvantages information technology in health this his any or
or an about was have maybe a are again munchies health information management policy manual example were