RRHSF’s work force must be familiar with and comply with the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule effective April 14, 2003, which imposes a uniform, national policy on the confidentiality of individual records with penalties for failure to comply. These are in addition to any existing state or local privacy standards that may already be in place. Regulations are enforced by the Office for Civil Rights (OCR). PHI is protected from the public, family, and others, including the work force. Just because a work force member has the ability to access records does not mean s/he has the right to access them. The work force only has the right to access information needed to do day-to-day work. HIPAA is a law designed to protect health information of individuals that details the rights individuals have to access their PHI. There are three HIPAA Rules:

1. Privacy
2. Transaction & Code Sets
3. Security

RRHSF has a legal and ethical responsibility to safeguard the privacy and confidentiality of the individuals and their Protected Health Information (PHI). RRHSF must also ensure the confidentiality of human resources, payroll, fiscal, research, internal reporting, strategic planning, communications, computer systems, and management information (collectively, with the individuals’ identifiable PHI: confidential information). RRHSF work force must be fully aware of policies regarding sharing information about RRHSF, employees, and individuals in any way, shape or form. In the performance of duties at RRHSF, the work force must understand they may have access to various types of confidential information. The work force will access and use information only when necessary to perform their work in accordance with RRHSF’s privacy and security policies. Protected Health Information (PHI) may be shared with prospective members of RRHSF’s workforce in the process of screening for establishing a workforce relationship. Individuals need to give approval to share information with workforce member candidates. Reported violation(s) of confidentiality will lead to an investigation, and any work force member who inappropriately shares confidential information will be held responsible. Breach of confidentiality is considered cause for disciplinary action and/or termination. To view our Notice of Privacy Practices and Confidentiality and Security Agreement click below: