28 Pa. Code § 709.28 - Confidentiality

(a) A written procedure shall be developed by the project director which shall comply with 4 Pa. Code § 255.5 (relating to projects and coordinating bodies: disclosure of client-oriented information). The procedure must include, but not be limited to:

(1) Confidentiality of client identity and records. Procedures must include a description of how the project plans to address security and release of electronic and paper records and identification of the person responsible for maintenance of client records.

(2) Identification of project staff having access to records, and the methods by which staff gain access.

(b) The project shall secure hard copy client records within locked storage containers. Electronic records must be stored on secure, password protected data bases.

(c) The project shall obtain an informed and voluntary consent from the client for the disclosure of information contained in the client record. The consent must be in writing and include, but not be limited to:

(1) Name of the person, agency or organization to whom disclosure is made.

(2) Specific information disclosed.

(3) Purpose of disclosure.

(4) Dated signature of client or guardian as provided for under 42 CFR 2.14(a) and (b) and 2.15 (relating to minor patients; and incompetent and deceased patients).

(5) Dated signature of witness.

(6) Date, event or condition upon which the consent will expire.

(d) A copy of a client consent shall be offered to the client and a copy maintained in the client record.

(e) When consent is not required, the project personnel shall:

(1) Fully document the disclosure in the client records.

(2) Inform the client, as readily as possible, that the information was disclosed, for what purposes and to whom.

Notes

28 Pa. Code § 709.28

Amended by Pennsylvania Bulletin, Vol 44, No. 42. October 18, 2014, effective 10/18/2014