Page 43 - Privacy_Program
P. 43

SECURE ACCESS TO PARTICIPANT RECORDS – NON‐MEDICAL [DP170A]
        Back to Table of Contents


        Scope:
        Enterprise
        Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; All Employees with
        Access to Privacy‐Restricted Participant Information (includes Contractors, temporary employees and Interns)
        Purpose:  To  enable  participants  to  review  and  correct  their  Privacy  Restricted  Participant  Information  (PRPI)  stored  by
        organization. External Regulation or Standard: Minn. Stat. 13.04 subd. 3 – Access to Data by Individual; and Minn. Stat. 13.04
        subd. 4 – Procedure When Data is Not Accurate or Complete.


         Who is                Statement     Policy, Standard, or Procedure Statement
         Responsible            Number
         Employees with         DP170A.1    The organization will accommodate reasonable requests by participants to
         Access to PRPI                     receive confidential communications of their Privacy Restricted Participant
                                            Information (PRPI).


         Employees with         DP170A.2    The organization will not require participants to explain why they are requesting
                                            to review their PRPI.
         Access to PRPI
         Employees with         DP170A.3    The organization will verify the identity of the participant making the request to a
         Access to PRPI                     sufficient degree to ensure that only that individual's PRPI is disclosed to that
                                            individual.

                                DP170A.4    The organization may require participants to make a reasonable payment for
         Director of Finance
                                            reviewing their PRPI to defray the associated costs.
         with Director of
         Information
         Technology,
         Privacy and Data
         Security

         Employees with         DP170A.5    The requested PRPI will be delivered to the participant in a reasonably secure
         Access to PRPI                     manner.

                                DP170A.6    The organization will appropriately document the request and delivery of the
         Employees with
                                            PRPI.
         Access to PRPI
         Employees with         DP170A.7    If the identity and legal authority of an individual or entity requesting PRPI
         Access to PRPI                     cannot be verified, staff will refrain from disclosing the requested information
                                            and report the case to the Director of Information Technology, Privacy and
                                            Data Security in a timely manner.

         Employees with         DP170A.8    The organization will review a denial for access to PRPI when requested by the
         Managers and                       participant, in the following situations:
         Director of
         Information
         Technology, Privacy
         and Data Security
                               DP170A.8a    (a)  professional staff having direct involvement with participant programming
                                            (direct service staff) or manager, in the exercise of professional judgment, that
                                            the access requested is reasonably likely to endanger the life or physical safety
                                            of the individual or another person;




         GES CONFIDENTIAL                                                                                    37
   38   39   40   41   42   43   44   45   46   47   48