Medical Record Security Plan

1 Life Recovery Centers


DATE CREATED: 06/10/2023

DATE REVISED: __________



It is the policy of this company that all personnel must preserve the integrity and the confidentiality of medical and other sensitive information pertaining to our residents.  The purpose of this policy is to ensure that all staff have the necessary information to provide the highest quality of care possible while protecting the confidentiality of that information to the highest degree possible so that residents do not fear to provide information to the facility for purposes of treatment.  To that end, the facility will:

  • Collect and use individual medical information only for the purposes of providing services and for supporting the delivery, payment, integrity, and quality of those services.

  • Not use or supply individual medical information for non-health care uses, such as direct marketing, employment, or credit evaluation purposes, other than as authorized by the Health and Human Services Privacy Regulations (“HHS”) (“privacy regulations”).

  • To provide proper diagnosis and treatment.

  • With the individual’s knowledge and consent/authorization.

  • Recognize that medical information collected about residents must be accurate, timely, complete, and available when needed. The company will:

    • Use its best efforts to ensure the accuracy, timeliness, and completeness of data and to ensure that authorized personnel can access it when needed.
    • Complete and authenticate medical records in accordance with the law, ethics, and accreditation standards.
    • Maintain records for the retention periods required by law and professional standards.
    • Not alter or destroy an entry in a record, but rather designate it as an error while leaving the original entry intact and create and maintain a new entry showing the correct data.
    • Implement reasonable measures to protect the integrity of all data maintained about residents.
  • Recognize that residents have a right of privacy. The facility will respect residents’ individual dignity at all times.

  • Act as responsible information stewards and treat all individual medical record data and related financial, demographic, and lifestyle information as sensitive and confidential.  Consequently, the company will:

    • Not divulge medical record data unless the resident (or his or her authorized representative) has properly consented to the release or the release is otherwise authorized by the privacy regulations and/or other law, such as communicable disease reporting and child abuse reporting.
    • Remove resident identifiers when appropriate, such as in statistical reporting and in evaluation studies.
    • Not disclose financial or other resident information except as necessary for billing or other authorized purposes as authorized by the privacy regulations, other laws, and professional standards.
    • Recognize that some medical information is particularly sensitive, such as:

      • HIV/AIDS information
      • Mental health and developmental disability information
      • Alcohol and drug abuse information
      • Other information about sexually transmitted or communicable diseases

The disclosure of such information could severely harm residents, such as by causing loss of employment opportunities and insurance coverage, as well as the pain of social stigma.  Consequently, the company will treat such information with additional confidentiality protections as required by law, professional ethics, and accreditation requirements.

    • Recognize that, although the company “owns” the medical record, the resident has a right of access to information contained in the record. The company will:
      • Permit residents to access and copy their protected health information in accordance with the requirements of the privacy regulations.
      • Provide residents an opportunity to request correction of inaccurate data in their records in accordance with the requirements of the privacy regulations.
      • Provide residents an accounting of uses and disclosures other than those for treatment, payment, and healthcare operations in accordance with the requirements of the privacy regulations.

  • All employees will receive annual in-services/trainings on HIPAA regulations and general confidentiality standards.

All employees must adhere to this policy. The company will not tolerate violations of this policy.  Violation of this policy is grounds for disciplinary action, up to and including termination of employment and criminal or professional sanctions.