W. Va. Code R. § 64-11-7 - Legal Compliance

7.1. The provider shall comply with all applicable federal, state, and local laws, rules, and regulations associated with all aspects of service delivery and operations and shall possess all necessary licenses.

7.2. Current licenses or certificates shall be prominently displayed in an area visible to the public.

7.3. The provider shall maintain in the administrative file reports and certifications as applicable regarding:

7.3.1. Certification of occupancy requirements;

7.3.2. Delineation of zoning and building codes;

7.3.3. Compliance with occupational safety and health administration codes;

7.3.4. Records of maintenance and safety inspections performed internally, e.g., by the Safety Committee, Officer, or other; and

7.3.5. Any and all plans of correction or citations for the previous five years.

7.4. Governing Body.

7.4.1. The behavioral health center shall have a governing body that approves and reviews policies and procedures, has input into the provider's mission statement, assists the provider in guiding development, and ensures the accountability of the behavioral health center and provider.

7.4.2. The governing body shall evaluate implementation of policies and procedures.

7.4.3. The governing body shall develop, maintain, and implement a conflicts of interest policy and procedures for managing a conflict and the criteria for determining whether board members have conflicting interests. The conflicts of interest policy shall, at a minimum, require:

7.4.3.a. Those with a conflict, or who think they may have a conflict, to disclose the conflict or potential conflict; and

7.4.3.b. Prohibit interested board members from voting on any matter in which there is a conflict.

7.5. Security of Information and Consumer Records.

7.5.1. The provider shall have policies and procedures regulating access to records of staff and consumers that are in compliance with all federal and state requirements. Regulatory agencies shall be allowed access to relevant service and employment information, clinical records, incident reports, and other documents to fulfill their statutory and regulatory duties.

7.5.2. The provider shall ensure that service records, whether paper or electronic, are made available for inspection. The behavioral health center shall ensure that employment records, whether paper or electronic, are made available for inspection during normal business hours.

7.5.3. The provider shall have procedures to protect service and employment records by reasonable efforts, whether in electronic or paper form, from destruction by fire, water, loss, or other damage and from unauthorized access.

7.5.4. Written procedures shall govern the retention, maintenance, and destruction of consumer records.

7.5.5. At a minimum, the provider shall retain consumer records for a minimum of five years from date of last service and for five years following a child's 18th birthday if service ends prior to that time. Conversion of paper records to an electronic copy and destruction of paper is acceptable.

7.5.6. The provider shall have a policy regarding disposal of records which respects confidentiality and security of consumer information and in compliance with all applicable state and federal laws.

7.5.7. The provider shall have a policy that all computer and data systems owned by the provider will have up to date anti-virus protection and provide protections which safeguard consumer data and privacy. Systems will be consistent with federal and state privacy laws and regulations.

7.5.8. The format of electronically transmitted data shall comply with legal standards and requirements.

7.5.9. Release of consumer information and records.

7.5.9.a. The behavioral health center or provider will release consumer information and records only according to its written policies and procedures and in compliance with all applicable federal and state laws, rules, and regulations.

7.5.9.b. Except as required by law, before releasing information about a consumer, the behavioral health center or provider shall obtain consent from the consumer or his or her legal representative that includes at a minimum the following:

7.5.9.b.1. Specific consumer information to be released;

7.5.9.b.2. The time period for which the consent is valid and in effect;

7.5.9.b.3. The recipient that will receive the consumer information and records; and

7.5.9.b.4. The purpose of the release of consumer information and records.

7.5.9.c. Consumer records shall be released without written consent in the following situations:

7.5.9.c.1. In a proceeding under W. Va. Code §27-5-4 to disclose the results of an involuntary civil commitment;

7.5.9.c.2. In a proceeding under W. Va. Code §27-6A-1, et seq., to disclose the results of an involuntary examination;

7.5.9.c.3. Pursuant to a court order based upon a finding that information in the consumer record is sufficiently relevant to a proceeding before the court to outweigh the importance of maintaining the confidentiality established by this rule;

7.5.9.c.4. To protect against a clear and substantial danger of imminent injury by a consumer to self or another;

7.5.9.c.5. To staff of the behavioral health center for treatment, internal review purposes, internal investigations, or a combination of the foregoing; and

7.5.9.c.6. The Inspector General shall have full access to a consumer's records as needed in administering state and federal requirements.

7.5.10. Consumer Record Maintenance.

7.5.10.a. The provider shall establish a process for maintaining current, easily accessible consumer records from intake through discharge in accordance with applicable federal and state laws, rules, and regulations including the provisions of this rule.

7.5.10.b. The consumer record shall contain information essential to the services or treatment including, but not limited to, the following:

7.5.10.b.1. Consumer identification data;

7.5.10.b.2. Applicable social and medical information;

7.5.10.b.3. A summary of the assessment process;

7.5.10.b.4. A record of all evaluations;

7.5.10.b.5. Treatment plans, treatment strategies, and special treatment procedures;

7.5.10.b.6. Documentation of ongoing services provided;

7.5.10.b.7. Legal representative documents;

7.5.10.b.8. Court orders; and

7.5.10.b.9. A record of any signed and dated physician's or other healthcare provider's order.

7.6. Contractual relationships.

7.6.1. If the provider arranges externally or contractually for the provision of consumer services, the provider shall have a written agreement which specifies:

7.6.1.a. Roles and responsibilities of the provider and the subordinate service provider;

7.6.1.b. A guarantee that the subcontracting provider shall obtain and provide copies of information regarding employees to demonstrate that the employees are in compliance with the regulatory and risk management needs of the provider;

7.6.1.c. Clinical documentation required of the subordinate service provider with time lines for provision of the documentation;

7.6.1.d. Services to be provided;

7.6.1.e. Provision of appropriate liability or malpractice insurance either by the contractor or subordinate provider;

7.6.1.f. A general definition of the consumers to be served; and

7.6.1.g. That the subordinate provider shall adhere to state and federal requirements of confidentiality.

7.6.2. The provider shall maintain a file on each contracted subordinate provider, including:

7.6.2.a. Evidence of appropriate training, licensure, or certification; and

7.6.2.b. Evidence of malpractice or liability insurance as specified in the contract.

Notes

W. Va. Code R. § 64-11-7