MY OFFICE PRIVACY POLICIES AND PROCEDURES
Confidentiality and privacy are the cornerstones of the mental health professions. Patients have an expectation that their communications with therapists, and their treatment records, will generally be kept confidential and will not be released to others without the written authorization of the patient. One of the purposes of the Notice of Privacy Practices is to inform and educate patients about the fact that there are exceptions to the general rule of confidentiality. Many of these exceptions have existed for years, and many of them are the result of laws and regulations being passed by state legislatures and by the federal government. These laws and regulations are essentially statements of public policy. My office policies and procedures, as well as the ethical standards of my profession, are intended to shape my practice so that privacy and confidentiality are maintained, consistent with New Jersey law and the federal “Privacy Rule.”
Privacy Officer. : I, Lorraine Barry, am the privacy officer for this practice. I am the one responsible for developing and implementing these policies and procedures. Contact Person. : I, Lorraine Barry, am the contact person for this practice. If a patient needs or desires further information related to the Notice of Privacy Practices, or if the patient has a complaint regarding these policies and procedures or our compliance with them, I am the person who should be contacted. The effective date of these policies and procedures is 01/01/2017. I will maintain documentation of all consents, authorizations, Notices of Privacy Practices, Office Policies and Procedures, trainings, and patient requests for records or for amendments to records. I will also document complaints received and their disposition. I will train all consultants of my practice regarding the importance of privacy and confidentiality. At a minimum, these Office Policies and Procedures will be reviewed and discussed, as will the content of the Notice of Privacy Practices. The training will take place as soon as possible after the person is hired. For those who are already in my employ, I will train them by April 14, 2003. I will not maintain or use patient sign-in sheets. Conversations regarding confidential material or information will take place in an area and in a manner where they will not be easily overheard. . Patient records will be kept in locked file cabinets in my individual office. My individual office is locked when I am not there. Patient records will not be left in places in my office where others are able to see its contents. I will take steps to assure that patient records are accessed only by me or by those in my employ with my permission, who may need to access them on my behalf or on the patient’s behalf. Computers and fax machines will be placed appropriately so that access is limited to office personnel and so that confidential information transmitted or received is not seen by others. With respect to electronic equipment such as computers, I will delete and change the passwords of terminated employees promptly upon their termination. With respect to office keys, terminated employees will be asked to return all keys to the office that they may possess. I also realize that it may be necessary for me to change one or more locks within my office, depending on circumstances. For those in my employ who violate these policies and procedures or who compromise the confidentiality or privacy of a patient, I will take such actions as I believe are warranted by the situation. Since I have a small private practice, I have not had the need to develop and implement a formal disciplinary policy. I will act in good faith and will do my best to correct errors or deficiencies that become known to me. Information and records concerning a patient may be disclosed as described in the Notice of Privacy Practices and in accordance with applicable law or regulation. I will obtain a written authorization from the patient before releasing information to third parties for purposes other than treatment payment, and health care operations, unless disclosure is required by law or permitted by law. If mental health records are subpoenaed by an adverse party I will assert the psychotherapist-patient privilege on behalf of the patient and will thereafter act according to the wishes of the patient and the patient’s attorney, unless I am ordered by a Court or other lawful authority to release records or portions thereof. To the extent that I keep patient records electronically (e.g. on my computer), I will back up the computer files on a daily basis and will store the backup offsite. By doing so, I will be prepared in the case of an incident of some kind that causes destruction, deletion, or damage to electronically stored patient records. I keep patient records for at least seven years from the date of last treatment. With respect to the records of a minor, I keep those records for at least seven years or until the patient is twenty-one years old, whichever is longer. Thereafter, I may destroy patient records. When records are destroyed, they will be destroyed in a manner that protects patient privacy and confidentiality. I will attempt to find out from patients, as early as possible, whether they have any objection to me or others in my office sending correspondence to their residence (e.g., claim forms, bills) and whether I am permitted to call them at their residence or. elsewhere change appointment times or dates, or to discuss matters related to their treatment .
If I share protected health information about a patient with third party business associates as part of my health care operations (e.g., a billing or transcription service), I will have a written contract with that business associate that contains terms that will protect the privacy of the patient’s protected health information. My duty of confidentiality and the psychotherapist-patient privilege survive the death of a patient. With respect to email communications, I will do my best to ensure that communications are encrypted and can only be opened by the person to whom they are being sent. I will do my best to ensure that electronic information, such as billing records and correspondence, is protected from computer viruses and unauthorized intruders.