Compilation of Rules and Regulations of the State of Georgia
Department 82 - DEPARTMENT OF BEHAVIORAL HEALTH AND DEVELOPMENTAL DISABILITIES
Chapter 82-3
Subject 82-3-1 - ADULT CRISIS STABILIZATION UNITS
Rule 82-3-1-.18 - Confidentiality

Universal Citation: GA Rules and Regs r 82-3-1-.18

Current through Rules and Regulations filed through March 20, 2024

The CSC and any associated CSC and/or Temp Obs functions shall:

1. Have records management policies, procedures and practices to manage and to protect the confidentiality and protected health information of individuals' records, to include electronic records;

2. Have records management policies which support secure, organized records and shall be consistent with all applicable policies and procedures and federal and state laws and regulations;

3. Ensure that the individual's rights regarding his or her own confidential and protected health information are protected, including but not limited to, access to protected health information, requesting amendment(s) to the clinical record, requesting restriction of disclosure, and requesting an accounting of disclosures that have been made;

4. Have a Notice of Privacy Practices regarding confidentiality of the individual's protected health information, which Notice shall comply with the requirements of Health Insurance Portability and Accountability Act (HIPAA);

5. Post the Notice of Privacy Practices at all times in the admissions area and in prominent locations where it is reasonable to expect individuals to be able to read the notice. Additional copies must be available for distribution upon request;

6. Provide a copy of the Notice of Privacy Practices to the individual and his or her representatives, as defined by state law, upon the individual's admission;

7. Have policies, procedures and practices that are compliant with the requirements of HIPAA regarding:

a. Complaints regarding violation of confidentiality and privacy rights;

b. Reports of breaches of HIPAA to the Department, and as required by law when applicable to the individual, to the United States Secretary of Health and Human Services, and to the media;

c. Sanctions of employees for violations of HIPAA; and

d. Identifying business associates, as defined by HIPAA, of the CSU and obtaining satisfactory assurances of the business associates' compliance with the requirements of HIPAA.

8. Ensure the clinical record, information about an individual contained in incident reports and any documents that are not part of the clinical record, and all information about an individual whether oral or written, and regardless of how stored, is confidential;

9. Not, unless authorized in writing by a valid authorization signed by the individual, or by applicable law:

a. Confirm or deny whether an individual is receiving or has received services from the CSU; or

b. Disclose any confidential or protected health information regarding the individual.

O.C.G.A. Secs. 37-1-29, 37-3-166, 37-7-166.

Disclaimer: These regulations may not be the most recent version. Georgia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.