Compilation of Rules and Regulations of the State of Georgia
Department 82 - DEPARTMENT OF BEHAVIORAL HEALTH AND DEVELOPMENTAL DISABILITIES
Chapter 82-4
Subject 82-4-1 - CHILD AND ADOLESCENT CRISIS STABILIZATION UNITS
Rule 82-4-1-.18 - Confidentiality

Universal Citation: GA Rules and Regs r 82-4-1-.18

Current through Rules and Regulations filed through March 20, 2024

1. The C & A CSU shall have records management policies, procedures and practices to manage and to protect the confidentiality and protected health information of individuals' records, to include electronic records.

2. The C & A CSU's records management policies shall support secure, organized records and shall be consistent with all applicable policies and procedures and federal and state laws and regulations.

3. The C & A CSU shall ensure that the individual's rights regarding his or her own confidential and protected health information are protected, including but not limited to, access to protected health information, requesting amendment to the clinical record, requesting restriction of disclosure, and requesting an accounting of disclosures that have been made.

4. The C & A CSU shall have a Notice of Privacy Practices regarding confidentiality of the individual's protected health information, which Notice shall comply with the requirements of Health Insurance Portability and Accountability Act (HIPAA).

5. The C & A CSU shall post the Notice of Privacy Practices at all times in the admissions area and in prominent locations where it is reasonable to expect individuals to be able to read the notice. Additional copies must be available for distribution upon request.

6. The C & A CSU shall provide a copy of the Notice of Privacy Practices to the individual and his or her legal guardian, as defined by state law, upon the individual's admission.

7. The C & A CSU shall have policies, procedures and practices that are compliant with the requirements of HIPAA regarding:

a. Complaints regarding violation of confidentiality and privacy rights;

b. Reports of breaches of HIPAA to the Department, and as required by law when applicable to the individual, to the United States Secretary of Health and Human Services, and to the media;

c. Sanctions of employees for violations of HIPAA; and

d. Identifying business associates, as defined by HIPAA, of the C & A CSU and obtaining satisfactory assurances of the business associates' compliance with the requirements of HIPAA.

8. The clinical record, information about an individual contained in incident reports and any documents that are not part of the clinical record, and all information about an individual whether oral or written, and regardless of how stored, is confidential.

9. Unless authorized in writing by a valid authorization signed by the legal guardian, or by applicable law, the C & A CSU shall not:

a. Confirm or deny whether an individual is receiving or has received services from the C & A CSU; or

b. Disclose any confidential or protected health information regarding the individual.

O.C.G.A. Secs. 37-1-29, 37-3-166, 37-7-166.

Disclaimer: These regulations may not be the most recent version. Georgia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.