Rule 82-3-1-.18 - ConfidentialityThe CSC and any associated CSC and/or Temp Obs functions shall:
1. Have records management policies, procedures and practices to manage and to protect the confidentiality and protected health information of individuals' records, to include electronic records;2. Have records management policies which support secure, organized records and shall be consistent with all applicable policies and procedures and federal and state laws and regulations;3. Ensure that the individual's rights regarding his or her own confidential and protected health information are protected, including but not limited to, access to protected health information, requesting amendment(s) to the clinical record, requesting restriction of disclosure, and requesting an accounting of disclosures that have been made;4. Have a Notice of Privacy Practices regarding confidentiality of the individual's protected health information, which Notice shall comply with the requirements of Health Insurance Portability and Accountability Act (HIPAA);5. Post the Notice of Privacy Practices at all times in the admissions area and in prominent locations where it is reasonable to expect individuals to be able to read the notice. Additional copies must be available for distribution upon request;6. Provide a copy of the Notice of Privacy Practices to the individual and his or her representatives, as defined by state law, upon the individual's admission;7. Have policies, procedures and practices that are compliant with the requirements of HIPAA regarding: a. Complaints regarding violation of confidentiality and privacy rights;b. Reports of breaches of HIPAA to the Department, and as required by law when applicable to the individual, to the United States Secretary of Health and Human Services, and to the media;c. Sanctions of employees for violations of HIPAA; andd. Identifying business associates, as defined by HIPAA, of the CSU and obtaining satisfactory assurances of the business associates' compliance with the requirements of HIPAA.8. Ensure the clinical record, information about an individual contained in incident reports and any documents that are not part of the clinical record, and all information about an individual whether oral or written, and regardless of how stored, is confidential;9. Not, unless authorized in writing by a valid authorization signed by the individual, or by applicable law:a. Confirm or deny whether an individual is receiving or has received services from the CSU; or b. Disclose any confidential or protected health information regarding the individual.Ga. Comp. R. & Regs. R. 82-3-1-.18
O.C.G.A. Secs. 37-1-29, 37-3-166, 37-7-166.
Original Rule entitled "Incident and Complaint Reporting and Investigation Procedures" adopted. F. Jun. 30, 2011; eff. July 20, 2011.Repealed: New Rule entitled "Confidentiality" adopted. F. Mar. 9, 2015; eff. Mar. 29, 2015.