2. Our clients have the right to
receive services confidentially.
Only if we keep their care
confidential, can we serve them
to the best of our ability.
•Obtaining correct, coherent, legal authorization shows
you respect clients and their right to privacy.
•We are all held legally responsible if we ignore HIPAA
and confidentiality requirements.
Next
3. Talking about a client
without permission
(a release) destroys
the trusting
relationship you’ve
built.
Next
4. We must have a valid release of information to talk to
anyone besides the client’s legal guardian.
A valid release:
Must be filled out completely!
Must be specific as to information obtained or
disclosed
Must have specifics regarding organization or entity
receiving/obtaining information
Must have expiration dates
Must be signed by client (12 and over,) guardian, and
witness
Next
5. If ROIs are not specific or filled out correctly, this
leaves the door open for any and all information to be
transferred without the client’s knowledge or consent.
Make sure the client and guardian are aware of what
information being transferred and that they
understand the implications and what it means.
Directions are on the back of the ROI.
NEVER have anyone sign a blank
or incomplete release!
Next
6. Client files must be kept locked in filing cabinets
when not being supervised by staff
Do not leave paperwork, notes,
sticky notes, etc. with client info
lying out where visitors and other
clients can view
Original files may never leave the building
Billings and paperwork (including copies for court,
etc.) that are taken home must be locked in the
trunk of the car (locked and out of sight)
Ellen Example:
555-4123
Tuesday
2pm
Next
7. YOU MUST SHRED ANY
AND ALL DOCUMENTS
THAT CONTAIN CLIENT
INFORMATION! DO NOT
THROW THEM IN THE
GARBAGE
CAN/WASTEBASKET!!!!
Next
8. Do not include a client’s name or information in
another client’s paperwork
Conversations regarding clients should not be
conducted where others outside of the direct
treatment team can hear
Emails and other communication should include
client’s initials-not their full name
Be very careful when checking voice
mail or work emails at home or from
a smart phone
Next
9. Electronic devices (e.g. computers,
thumb drives) with client info must
be password protected
Office computers should be logged
off/locked when not in use or in
direct sight
Treatment plans, when not in
immediate use, must be kept locked
in the client’s file. They cannot be
left in/on desks or in bags.
Next
10. If you find that information about a client has been
released without proper authorization, you MUST
REPORT THE BREACH TO THE DIRECTOR OF
QUALITY IMPROVEMENT, and your supervisor.
Although it can be hard to admit
it when we slip up, our agency
is legally required to track all
confidentiality breaches.
Next
11. What would you think if your child’s
doctor did not keep medical files
private? Would you feel comfortable
talking about your health concerns
with her?
Imagine if you overheard your
therapist talking about another
client. Do you think he also talks
about you where other people can
hear?
Next
12. When a family needs help from
an agency like Children’s Home,
they are at their most
vulnerable.
How do you want to be treated at
times like this in your life?
Next
13. Please refer to the Employee Handbook
for more information.
MUST COMPLETE:
HIPAA/Confidentiality
Training Form Below
Editor's Notes
HIPAA and Confidentiality
Confidentiality means that we don’t share any information about our clients without their permission.
Confidentiality is extremely important to the work we do at Children’s Home.
Our clients deserve to be treated confidentially. They have a right to decide who knows about their treatment. This right is protected by federal law, and we are all responsible to comply.
Most importantly, when we betray the trust of the children and families we serve by sharing their information illegally, we destroy the therapeutic relationship that’s crucial to treatment.
Without this trust, our clients won’t be able to engage in services with us, and may have difficulty working with any service provider in the future.
The only way we can talk about a client with someone outside the CHAIL treatment team who is not the client’s guardian is if we have a current, valid release of information.
Be especially careful to establish guardianship of the client. Ask about non-custodial parents, parents’ paramours, grandparents, and other adults in the home.
A release of information must be filled out completely and accurately for it to be valid. Make sure that the release is perfect before the guardian signs it. You cannot make any changes to the release after it is signed. You will have to create a new release and have it signed again if you need to make corrections.
A release of information must be specific. Write the release to only release the minimum necessary information to help the client in his or her treatment.
Directions are on the back of the release.
You are responsible to make sure clients and their guardians understand what they are signing. Review and explain the release before asking the guardian to sign.
Never have anyone sign a blank or incomplete release; it is unethical and illegal.
Client files, paperwork, or other pieces of paper with client information must be out of sight and locked.
Never walk away from client documents when they are out of the filing cabinet and in use.
Case lists, appointments, and any other unlocked documents must use initials or identifying numbers instead of names.
Shred all papers that do not go into the client files that have identifying client information.
We must be very careful in how we communicate client information to other treatment team members. Supervision and treatment team meetings must occur in private rooms with the door closed.
Conduct phone calls regarding clients in a private location when possible. When this is not possible, avoid using the client’s name, use initials, or use only first names.
As technology continues to change, consider how to protect our clients and their information on new devices and in new ways. Be careful when checking work emails, texts, and voicemail on cell phones. If any client data could be found without a password, password protect your phone or computer.
Get into the habit of asking yourself if client information is protected from intentional or unintentional exposure. Pass protect computer logins by person, as well as thumb drives. Lock filing cabinets and offices when they are not in your line of sight. Be aware of and vigilant about confidentiality risks.
Every Children’s Home employee is required to report any breach of confidentiality to the QI Director and the employee’s supervisor.
Think about how HIPAA and Confidentiality affect you.
If you found out that your child’s pediatrician gossiped important information about your child, would you keep seeing that doctor?
If you heard your therapist talking about his other clients, do you trust that he doesn’t talk about you?
When a child, adolescent, adult, or family need help from an agency like Children’s Home, they are at their most vulnerable. They’ve exposed their most private difficulties and needs, and asked us for help.
How would you want to be treated at times like this in your life?