VNSNY CORPORATE
POLICY
TITLE:
Confidentiality of Patient Information
APPLIES TO:
All VNSNY Entities
PREPARED BY: Quality Management Services
PURPOSE:
To ensure the confidentiality of all patient information is maintained.
To comply with all State and Federal laws and regulatory requirements, including
the laws specific to care of the patients with HIV/AIDS, care of minors, substance
and alcohol abuse, Civil Practice, Health Insurance Portability and Accountability
Act of 1996 (HIPAA), Medicare Conditions of Participation for Home Health Care
and Hospice and Standards of the Community Health Accreditation Program
(CHAP).
To ensure that all persons hired by or providing services on behalf of the agency
both understand and agree to comply with rules and regulations governing the
protection of patient information and guidelines for disclosure of patient
information.
To ensure confidentiality and security of all OASIS information during collection,
data entry and transmission processes for Affiliates covered by the Outcome and
Assessment Information Set (OASIS) requirements.
To ensure that all patient rights regarding confidentiality of patient information are
honored.
POLICY:
1. All patient information, including Protected Health Information is
considered confidential and will be held in strict confidence by agency
personnel.
2. No information about the patient/family/caregiver which might identify
the patient will be released by a member of the agency without the
informed consent of that patient or his/her representative, unless
Confidentiality of Patient Information
1 of 3
otherwise required to provide care to the patient or required by court
order, federal, state or monitoring agencies or other use or disclosure
identified in the VNSNY Notice of Privacy Practices.
3. Patients will be required to sign a Consent/Acknowledgment Form at
the time of admission to VNSNY or any of its affiliates that authorizes
disclosure of information for defined purposes as permitted by law and
regulation. In addition, if release of information to a third-party is
requested, release of HIV-related information or release of information
where the care of a minor and/or drug and alcohol abuse are involved,
additional signed (HIPAA-compliant) authorization(s) will be required.
4. Only personnel with the need to access, use or disclose protected
health information as part of their job responsibilities or who are
involved in the care or supervision of care of specific patients will have
access to patient information.
5. Patient information will be kept secure and will only be discussed in the
clinical setting or in locations where confidentiality can be maintained.
6. It is standard, acceptable and necessary practice to share information
with other members of the patient care team for the purposes of
providing care and treatment, obtaining payment for services provided
or carrying out health care operations.
7. Patient privacy rights related to the collection of Outcome and
Assessment Information Set (OASIS) will be honored, as applicable to
VNSNY affiliates that collect OASIS data. Confidentiality will be
maintained during use and transmission of OASIS data.
8. Patients have the right to confidentiality, privacy and security of their
health information and medical record.
9. All staff of VNSNY will be informed and educated about patient
confidentiality, protection of protected health information, and
appropriate disclosure procedures. In addition, the employee will be
required to sign a form acknowledging their agreement to abide with
the VNSNY Confidentiality Policy and Code of Conduct.
10. Failure by a VNSNY employee to comply with the confidentiality policy
or department-specific procedures issued by a VNSNY Affiliate
pursuant to this policy, may result in disciplinary action up to and
including discharge.
11. VNSNY will also obtain adequate written protection, either through
contract or certification, that non-affiliated entities with which VNSNY
Confidentiality of Patient Information
2 of 3
conducts business will safeguard the privacy of individuals’ Protected
Health Information in keeping with all legal and regulatory
requirements.
REFERENCES:
Community Health Accreditation Program (2004). Core Standards of Excellence.
New York: the author.
Centers for Medicare & Medicaid Services, Department of Health and Human
Services (2003). Conditions of Participation, Chapter IV, Part 484 – Home Health
Services. Baltimore MD:
http://www.access.gpo.gov/nara/cfr/waisidx_01/42cfr484_01.html
New York State Department of Health (2003). Title 10 – Rules and Regulations
New York State Department of Health: Article 7 – Certified Home Health
Agencies. Albany NY:
STANDARDS: Medicare Condition of Participation: 484.10(d), 484.48(b)
 NYS Patient Rights, 7NYCR, Part 760 (763.2)
 NYS Aids Confidentiality Law, 10NYCR, Part 63
 NYS Civil Practice Law & Rules, Section 4504(a)(6)
 Standards for Privacy of Individually Identifiable Health Information, 45
CFR, Parts 160 and 164
 CHAP CII.5a
CONFIDENTIALITY AGREEMENT FORMS:
CONFIDENTIALITY, NON-DISCLOSURE AND NON-SOLICITATION AGREEMENT
VNSNY Confidentiality Statement-students and non-employees
HIPAA-COMPLIANT RELEASE FORM:
AUTHORIZATION TO DISCLOSE OR RELEASE PROTECTED HEALTH
INFORMATION
ALSO SEE:
Policy: Privacy and Security of Protected Information
Procedure: Privacy and Security of Protected Information
Confidentiality of Patient Information
3 of 3