Confidentiality
 
Confidentiality is the basis for all personal relationships.  It involves intimacy, trust, and confidence and is the key to developing successful service and/or support delivery relationships with individuals.

What is "confidential"?  It is all the information contained in a recipient's records, including information contained in an automated data bank, shall be considered confidential.

What is a "Breach in Confidentiality"?  It occurs when recipient information is passed along to a second individual without the recipient's or recipient's guardian's knowledge or permission when information can be used against the recipient's welfare or services, or when information draws undue attention to a disability, rather than capability.

Such records pertaining to the individual recipient may only be used for the benefit, promotion, and welfare of the recipient. The goal of all discussions or information sharing regarding recipients must always be to serve the recipient.

Type of Records and Locations
 
*Major Unusual Incident (MUI) reports are kept at the MEORC/MUI office at 66737 Old Twenty-One Road, Cambridge, OH 43725.

*Residential waiver and supported living official files with Current Individual Service Plans, Levels of Care, Payments Authorization for Waiver Services (Paws), Quality Assurance Reports, and Service Coordination Notes are kept at the Mid East Ohio Regional Council (MEORC) office in Mt. Vernon.

*Targeted Case Management (TCM) and MUI reports are kept in the Service and Support Administration office at the GCBDD.

*Adult Services Official files with copies of Birth Certificates, Social Security Cards, Social Summaries, Psychologicals, FED Forms, Individual Plans and 90 Day Reviews, Residential Information and Assessments, and Incident Reports are kept in the Service and Support Administration office at GCBDD.

*Individual adult files containing current individual plans and current goals are kept in each individual's department.

*Emergency Care Cards for the Adults are kept in the Workshop Office and each vehicle in case of an accident involving one of the individuals.

*Emergency Care Cards for the Students are kept in the School Office and each vehicle in case of an accident involving one of the students.

*Payroll records for Adults enrolled in Guernsey Industries are kept in the payroll office of Guernsey Industries.

*Nursing files with individual's medical and inoculation records are kept in the clinic at the GCBDD.

*Student , Preschool, and Early Intervention (E.I.) files containing their Individual Education Plan (IEP)/Individual Family Service Plan (IFSP), Multi-Factor Evaluations, Birth Certificate, Social Security Card, Custody and Guardianship records, and Incident Reports are kept in the School Office at the GCBDD.

*Early Intervention unofficial files containing current IFSP, current Goals and Tracking, and Progress Notes are kept at the Guernsey County Board of DD at 60770 Southgate Road, Byesville, Ohio 43723.

*Family Resource files are kept for those individuals who are eligible for family resources and contain information about family income
and other eligibility requirements. These files are kept in the Administrative Offices at the GCBDD.

Safeguards...

1. The safekeeping of records and securing them against loss or use by unauthorized persons is the responsibility of the designated Program Director. The designated Program Director shall be responsible for all records under their assigned area of responsibility.

2. Each employee of the County Board shall act responsibly in the provision of service delivery to ensure the confidentiality of information of each recipient receiving supports.

3. County board personnel collecting, maintaining, using, or otherwise having access to personally identifiable data shall be informed of the confidentiality policies and procedures of the County Board and are responsible for implementing them.

4. The County Board shall maintain, for public inspection, a current listing of names and positions of those employees who have access to the personally identifiable data.

5. If the County Board's records include information on more than one recipient, the recipient shall have the right to inspect only the information related to them.

Disclosing of Confidential Information and Recording Procedures...
 
The County Board shall implement procedures to obtain written consent of a recipient or legal guardian before disclosing personally identifiable information and other information not otherwise authorized from the records of a recipient.  The written consent required by this paragraph shall comply with all State and Federal Regulations, be signed and dated by the recipient or their legal guardian giving the consent, and shall include:

Disclosure of information also includes verbal sharing (meeting, telephone conversations, etc.) which requires written recipient consent, as outlined above. Record of such disclosure shall be recorded on the access record.

A release shall not exceed a time period of one year.

Directory information will not be disclosed by the County Board without the written consent of the recipient.

A record of all disclosures of information that includes the information disclosed, to whom it was disclosed, the reason and the date of the disclosure shall be maintained in the recipient's record. These recording procedures shall be used for all disclosures of confidential information.

Confidential information from the records of a recipient may be disclosed without consent of the recipient if the disclosure is...

1. To other staff within the County Board who have been determined by the designated Program Director of the Board to have a legitimate interest in ensuring appropriate supports.

2. To Federal and State Officials in connection with the audit or evaluation of federally supported programs, or in connection with enforcement of or compliance with the legal requirements which relate to these programs.

3. To officials or another agency who are providing, or intend to provided services to recipients under contract with the County Board.

The County Board shall implement procedures to keep a record of parties obtaining or given access to records collected, maintained, or used. Record of access disclosure shall be kept on parties to whom information is sent, including:
1. Name of the party;
2. Date access was given;
3. Purpose for which the party is authorized to use the data.

Destruction of Information
 
1. The County Board shall inform a recipient in writing when personally identifiable information collected, maintained, or used is no longer needed to provide services to the recipient. Such information includes, but is not limited to, documentation retained in accordance with all applicable laws and rules to ensure Medicaid related material is maintained for a period of seven years from the date of receipt of payment for
services or six years after an initial audit is completed or adjudicated, whichever is longer. After this time, if no further service has been provided or requested, the records may be destroyed. Written permission of the recipient shall be obtained prior to the destruction of record information.

2. Destruction of information notices shall afford the recipient the opportunity to obtain a copy of any such records identified by the County Board prior to destruction. The personally identifiable information or a recipient may be retained permanently, unless the recipient requests that it be destroyed.  Recipients should be reminded that the records may be needed by the recipient for Social Security benefits or other purposes.

3. The information shall be destroyed at the request of the recipient in writing after (30) days of receipt of such a request by the recipient. Medicaid related record information/Fiscal data shall be maintained for a period of seven (7) years from the date of receipt of payment or for six (6) years after an initiated audit is completed or adjudicated, whichever is longer. However, a permanent record if a recipient's name, address, phone number, service(s) and support(s) provided may be maintained without time limitation.


*Procedures reflect HIPAA regulations
 
**A recipient who believes that information in records collected, maintained, or used under this part is inaccurate or misleading or violates the privacy or other rights of the recipient may request the County Board, which maintains the information, to amend the information.

Complete copies of Confidentiality Policy 11:05 and Confidentiality Procedures are available upon request by contacting the...

Guernsey County Board of DD Administrative Offices
60770 Southgate Road
Byesville, Ohio 43723
740-439-4451

Also...

Official Residential Waiver and Supported Living Files are kept at the...

MEORC Office
423 South 11th Street Suite B
Cambridge, Ohio 43725
740-439-0666

Or...

E.I. Unofficial Files are kept at the...
Guernsey County Board of DD
60770 Southgate Road
Byesville, Ohio 43723
740-439-4451

Records shall be kept on file in a secure location to assure permanence of the records for the time during which the services are provided and for transmittal to an alternative program when alternate placement occurs.  Reports made under Section 5123:61 of the ORC and 5123:2-17-02 of the OAC (Major Unusual Incidents) are not public records as defined in Section 149:43 of the ORC and may not be deemed accessible. The County Board shall review, not less than once a year, the systems and safeguards employed by the agency and staff to preserve confidentiality of information. This review shall be used to maintain the confidential nature of the information.