Current through Register Vol. 48, No. 38, September 20, 2024
a) Health Information Portability and
Accountability Act (HIPAA)
1) HIPAA
regulations (
45
CFR 164.512(b)(1)(ii))
specifically permit use or disclosure of protected health information with a
public health authority or other appropriate government authority authorized by
law to receive reports of child abuse or neglect. DCFS is a government
authority authorized by law to receive reports of child abuse or
neglect.
2) In addition, HIPAA
allows the release of personal health information to an individual's personal
representative. Included in the definition of personal representative is a
guardian or person acting in loco parentis with legal authority to make health
care decisions on behalf of a minor child. When conflicts arise between HIPAA
and other confidentiality rules, the stricter requirements apply.
3) The Medical Patient Rights Act establishes
the right of each patient to privacy and confidentiality in health care.
Physical health information may be disclosed when relevant to a child
protection investigation. The Children and Family Services Act permits any
individual dealing with or providing services to a minor ward to share
information with another individual dealing with or providing services to the
minor for the purpose of coordination efforts on behalf of the minor. However,
the Department shall not release information concerning any medical care to
which the minor has the right of consent. (See the Consent by Minors to Medical
Procedures Act [410 ILCS 210 ] for specifics on when a minor has the right to
consent to his or her own medical care.)
4) If Department, POS or HealthWorks (see
subsection (a)(3)) staff experience difficulty in obtaining information to
which the Department has a right from healthcare providers who are citing HIPAA
as the reason to deny information, staff shall consult with their supervisor.
The supervisor will consult with the Office of the DCFS Guardian if the problem
persists.
b) Disclosure
of Information Regarding Acquired Immunodeficiency Syndrome (AIDS)
1) The Department shall be informed of the
results of Human Immunodeficiency Virus (HIV) tests performed on and of all
diagnoses of Acquired Immunodeficiency Syndrome (AIDS), as defined in the
Department of Public Health's rules at 77 Ill. Adm. Code 697 (AIDS
Confidentiality and Testing Code), for children for whom the Department is
legally responsible.
2) The
Department shall release information on children for whom it is legally
responsible regarding HIV test results and diagnoses of AIDS to the child's
legal parents and to persons who have the need to know this information. The
categories of persons who have a need to know this information about a child
may include, but are not limited to, the following:
A) those persons who supervise or provide
direct care to the child, such as:
i) foster
parents;
ii) relative
caretakers;
iii) directors or
operators of child care facilities, such as group homes, child care
institutions, child welfare agencies, State operated facilities, day care
homes, day care centers and the personnel of these facilities who provide
direct care for a child by feeding, diapering or handling blood or bodily
fluids or who provide direct care to a child who bites, spits, has a bleeding
problem such as nose bleeds or hemophilia or who cannot control normal bodily
functions;
B)
physicians, nurses, dentists and other medical providers who will be providing
direct care to the child;
C) other
persons who provide direct care for a child for whom the information is
necessary in order to provide Department approved services for the child, i.e.,
advocates and counselors;
D)
prospective adoptive parents who have been licensed under 89 Ill. Adm. Code
402, who are willing to adopt a child with a terminal illness, and who have
demonstrated an interest in a specific child who has tested positive for HIV
infection or who has been diagnosed with ARC or AIDS;
E) Guardian ad litem.
3) Persons to whom the Department has
released information regarding HIV test results and diagnoses of AIDS shall
keep this information confidential in accordance with the provisions of the
AIDS Confidentiality Act and the AIDS Confidentiality and Testing Code. The
information shall not be disclosed to other persons except as authorized by the
Department in accordance with subsection (b). The authorization shall be signed
by the Department's Guardianship Administrator or designee as defined by 89
Ill. Adm. Code
327.2 and shall
contain the names and respective positions of those individuals to whom the
information will be disclosed. Education must accompany disclosure so that
those persons receiving the information understand the HIV/AIDS diagnosis,
treatment and precautions. This information may be provided by the DCFS AIDS
Project or a Department Regional Nurse.
d) HealthWorks
HealthWorks is not a covered function as defined in HIPAA
regulations (
45
CFR 164.103) . HealthWorks functions to
fulfill a legally mandated role to arrange for health care services for clients
who are in protective custody or are wards of the Department. HealthWorks lead
agencies and their medical case management agencies are authorized to receive
medical information on children in protective custody or for children who are
DCFS wards. HealthWorks staff may use consents signed by the Guardianship
Administrator or an authorized agent to obtain information from health
providers.
e) Disclosing
Information for Regulatory Review Purposes
Under HIPAA, covered entities may disclose protected health
information for health oversight activities required by law. The Department's
health oversight activities include State-run compliance reviews such as
Medicaid Part 132 reviews, Agency Performance Team reviews, Independent
Utilization Reviews, and Licensing reviews. Health oversight activities include
a broad range of civil, administrative and criminal investigations or
proceedings.
