Confidentiality Policy


Confidentiality In Patient Care

Policy & Procedure III.10   

The client has their right to expect that all aspects of care will be treated as confidential.

  • Licensed Practical Nurses, Registered Nurses, Nurse
    Practitioners and physicians giving direct care may read,
    write and/or electronically 
    produce data on the client’s
    electronic medical record or paper record.
  • Privacy is established for clients when examining, interviewing,
    or sharing information by closing the door.
  • Verbalization of client’s information is not shared with those not
    participating in the client’s care unless the patient has given written or verbal consent.
  • Discretion is used in the exchange of client information on the telephone. Clients
    must use identifiers, such as, name, ID #, and date of birth (DOB) to enable staff
    to share sensitive information over the telephone.
  • Discretion is used to maintain confidentiality during meetings, at other clinic locations
    and events. 

Confidentiality of Patient Medical Records in Compliance with HIPAA

Policy & Procedure IV.3

  • Confidential information in the medical record is considered privileged information and cannot be released without the client’s written authorization. Confidentiality is to be broken only if the patient poses a danger to self or to others. Confidential information is considered to be all diagnostic and clinical data.
  • The guarantee of confidentiality in a privileged relationship helps assure that the client will not withhold information critical to their care.
  • Those employees with access to medical information shall respect the doctrine of confidentiality and not divulge any information contained in the medical record unless they are authorized to do so by the client.
  • The release of information requires the client’s written authorization.
Authorization is REQUIRED for the release of information to:
  1. Physicians and nurse practitioners not on Student Health Clinic staff who are not at that moment treating the client
  2. Attorneys
  3. Insurance Companies
  4. Law enforcement agencies – without client consent, a court order or a search warrant is needed
  5. Schools
  6. Immigration and Naturalization Services
  7. Employers
  8. Welfare Agencies
  9. Social Security Administration
  10. Veterans Administration
  11. Internal Revenue Service
  12. Civil Service Department
  13. Courts without a Subpoena Duces Tecum
Authorization is NOT REQUIRED for release of information to:
  1. Another health care facility via telephone (after verification) when the information is needed for DIRECT EMERGENCY CARE of the client.
  2. Another physician or health care facility that is at that moment treating the client (after verification, ask that they send a valid authorization as soon as possible).
  3. State and local health departments and/or other agencies listed below (inform client in advance, if possible, that certain diseases may be reportable):
    i. Communicable Disease Control
    ii. Bureau of Maternity and Family Planning Services
    iii. State Department of Labor
    iv. Medical Examiner
  4. Many third-party payers have clauses in their contracts that allow for release of information when the patient signs the contract. Request a copy of the signed consent from the insurance company before releasing information.
  5. Clients may request in person, via letter or via FAX that copies of immunization records be given or faxed to them or another institution. A copy of the signed request or signed “Permission for Release of Information” form will be attached to information transmitted and kept on file by SHC or scanned into the EMR for not less than seven years. Refer to HIPAA of 1996.
  6. Information may be exchanged between the UCA Student Health Clinic, UCA Counseling Center, and Disability Support Services without requiring client consent, when those offices are providing services for the same client.