Joint Commission defines confidentiality policy
Joint Commission defines confidentiality policy
If you’re wondering what the Joint Commission on Accreditation of Healthcare Organizations says about medical records confidentiality, turn to the chapter "Management of Information" in the 1997-98 Comprehensive Accreditation Manual for Home Care." (For tips on reducing confidentiality leaks, see p. 123.)
The applicable standard is IM.2 and it states: "Confidentiality, security, and integrity of data and information are maintained. (Data and information include the home care record.)"
According to the standard, the agency should have a policy on confidentiality of records and release of information. The agency should determine the level of security and confidentiality needed for different categories of data and information and should grant access to each category of information based on need and defined by job title and function.
An effective policy identifies:
- who has access to information;
- what information an individual has access to;
- what obligation the user has to keep information confidential;
- when release of health information is permitted;
- who is allowed to make entries into the home care record.
The standard says that according to a written agency policy, data and information may be removed from the organization’s jurisdiction only with a court order or subpoena or according to law and regulation.
Measures for securing data and information include:
- placing records only in attended areas that are accessible only to authorized individuals;
- securing the confidentiality of data and information after normal business hours and when nonemployees have access to the premises;
- developing and implementing guidelines on copying records that include:
which portions of records may be copied and for what purposes;
how staff are accountable for protecting copies of home care records;
- educating staff on how to prevent unauthorized disclosure of home care record information.
For patients with extraordinary or sensitive information (a mental health patient or an AIDS patient, for example), the agency should have a policy that states that home care record information may not be faxed. To preserve the patient’s privacy, all sensitive medical information should be stored in a yellow folder at the back of the home care record so it can be identified. This folder is pulled from the chart when personnel need the chart for billing purposes.
For other patients, staff should follow the agency’s policies and procedures for confidentiality and protection of patient information when:
- transporting and using patient information from a field chart in the home setting;
- obtaining a release of information;
- using and destroying a travel record;
- using patient data on reports to be shared with others inside and outside the organization.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.