Page 80 - Privacy_Program
SECURE ACCESS TO MEDICAL RECORDS [DP170B]
Scope: Enterprise
Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; All Employees with Access to Protected Health Information (includes Contractors, temporary employees and Interns)
Purpose: To enable participants to review and correct their Protected Health Information that the organization stores.
External Regulation or Standard: 45 CFR § 164.502 ‐ Rights to request privacy protection for Protected Health Information; 45 C.F.R. §164.526 ‐ amendment of Protected Health Information
| Who is Responsible | Statement Number | Policy, Standard, or Procedure Statement |
| --- | --- | --- |
| Employees and Others with Access to Protected Health Information (PHI) | DP170B.1 | The organization will accommodate reasonable requests by participants to receive confidential communications of their Protected Health Information (PHI). |
| Employees and Others with Access to PHI | DP170B.2 | The organization will not require participants to explain why they are requesting to review their PHI. |
| Employees and others with Access to PHI | DP170B.3 | The organization will verify the identity of the participant making the request to a sufficient degree to ensure that only that individual's PHI is disclosed to that individual. |
| Chief Services and Programs Officer with Director of Information Technology, Privacy and Data Security | DP170B.4 | The organization may require participants to make a reasonable payment for reviewing their PHI to defray the associated costs. |
| Employees and Others with Access to PHI | DP170B.5 | The requested PHI will be delivered to the participant in a reasonably secure manner. |
| Employees and Others with Access to PHI | DP170B.6 | The organization will appropriately document the request and delivery of the PHI. |
| Employees and others with Access to PHI | DP170B.7 | If the identity and legal authority of an individual or entity requesting PHI cannot be verified, staff will refrain from disclosing the requested information and report the case to the Director of Information Technology, Privacy and Data Security in a timely manner. |
| Employees and Others with Access to PHI, with their Manager and the Director of Information Technology, Privacy and Data Security | DP170B.8 | The organization will review a denial for access to PHI when requested by the participant, in the following situations: |
| | DP170B.8a | (a) professional staff having direct involvement with participant programming (direct service staff) or manager has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person; |
| | DP170B.8b | (b) the PHI makes reference to another person (unless such other person is a health care provider) and direct service staff has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person; or |
GES CONFIDENTIAL 76