28 Pa. Code § 709.28 - Confidentiality
(a) A written
procedure shall be developed by the project director which shall comply with 4
Pa. Code § 255.5 (relating to projects and coordinating bodies: disclosure of
client-oriented information). The procedure must include, but not be limited
to:
(1) Confidentiality of client identity
and records. Procedures must include a description of how the project plans to
address security and release of electronic and paper records and identification
of the person responsible for maintenance of client records.
(2) Identification of project staff having
access to records, and the methods by which staff gain access.
(b) The project shall secure hard
copy client records within locked storage containers. Electronic records must
be stored on secure, password protected data bases.
(c) The project shall obtain an informed and
voluntary consent from the client for the disclosure of information contained
in the client record. The consent must be in writing and include, but not be
limited to:
(1) Name of the person, agency or
organization to whom disclosure is made.
(2) Specific information disclosed.
(3) Purpose of disclosure.
(4) Dated signature of client or guardian as
provided for under
42 CFR 2.14(a) and
(b) and
2.15
(relating to minor patients; and incompetent and deceased patients).
(5) Dated signature of witness.
(6) Date, event or condition upon which the
consent will expire.
(d)
A copy of a client consent shall be offered to the client and a copy maintained
in the client record.
(e) When
consent is not required, the project personnel shall:
(1) Fully document the disclosure in the
client records.
(2) Inform the
client, as readily as possible, that the information was disclosed, for what
purposes and to whom.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.