Page 12 - Privacy_Program
All Employees with Access to PRPI
DP101.11 Provide Notice to Participants (Data Subjects) About Their Rights. The
organization will maintain a public document describing participants’ access
rights. A participant who is asked to provide Private or Confidential Data must
be given a Tennessen Warning at the time of the request. Also see DP100.4. A
sample Tennessen Warning document is attached to the end of this
document.
All Employees with Access to PRPI
DP101.12 Participant Authorization for Use and Disclosure of PRPI. Staff with access to
PRPI will only use and disclose PRPI without obtaining participant authorization
as permitted in DP 130A ‐ AUTHORIZATION FOR USE OR DISCLOSURE OF PRPI
and as allowed in GESMN’s Privacy Policies, Data Security Policies and other
policies listed at the end of this policy. Note that with the exception of
Emergency Treatment, requests made by law enforcement to apprehend a
fugitive or identify a suspect, and certain disclosures required of staff who are
mandated reporters, participant Authorization is generally required. All other
requests for third party disclosures must be reviewed and approved by the
Director of Information Technology, Privacy and Data Security before a
disclosure is made without a written Authorization.
All Employees with Access to PRPI
DP101.13 The following General PHI Use and Disclosure Rules will apply:
DP101.13.a Prior to sharing any PRPI with third parties, including other providers, referral
or funding sources, accrediting agencies, and other third parties, a specific
authorization/release of participant information form will be obtained. Forms
expire one year from the date of participant’s signature.
When responding to outside requests for access to PRPI, staff members are
responsible for ensuring that a signed authorization/release of participant
information has not expired and must limit information shared as provided in
the authorization form.
See also, S&P‐221‐007 – RELEASE OF INFORMATION.
All Employees with Access to PRPI
DP101.14 The following physical and technical safeguards for participant PRPI will apply:
DP101.14.a Current Hard copy files. At 553 Fairview, current participant files containing
PRPI will be maintained in locked file rooms, accessible by a card reader with
access limited to authorized users. At other off‐site S&P locations, current
participant files containing PRPI will be maintained in locked file rooms or file
cabinets. ARMHS and SSI Advocacy files will be maintained separately from
other participant records and must be managed according to DP102 –
PARTICIPANT PRIVACY HIPAA PHI SAFEGUARDS. Only staff members requiring
access to provide services or perform other assigned job duties requiring
access will be granted access.
DP101.14.b Archived Files. Archived participant records will be kept in a secured location
and access limited to authorized staff.
GES CONFIDENTIAL 12