Health Care Department Operations Manual

Cancel

Chapter 2 – Patients’ Entitlements and Responsibilities

Article 3 – Health Information Management

View All Sections >

2.3.3 Managing Health Record Access to Protected Health Information

  • Policy

    • California Correctional Health Care Services (CCHCS) Health Information Management (HIM) staff shall:

    • Understand and adhere to applicable federal and state statutes and regulations to ensure patient privacy as well as control access to, use, and disclosure of Protected Health Information (PHI). 

    • Safeguard both the health record and its contents against loss, defacement, tampering, and from disclosure or use by unauthorized individuals in accordance with Information Security Office mandates.

    • Ensure Headquarters (HQ) reviews all requests from external entities.

  • Purpose

    • To ensure patient health information is protected against loss, defacement, tampering, and unauthorized disclosure.

  • Policy Responsibility

    • Under the direction of the Deputy Director, Medical Services:

      • HIM HQ and Institution Health Records staff are responsible for the implementation and monitoring of this policy for currently incarcerated persons.

      • Health and Imaging Record Center (HIRC) staff are responsible for the implementation and monitoring of this policy for paroled or discharged incarcerated persons.

    • The Chief Executive Officer, or designee, Health Records Technician (HRT) III and HRT II of each institution, and HIRC staff are responsible for the oversight, implementation, monitoring, and evaluation of this policy, and shall establish and maintain local operating procedures to carry out the requirements herein.

  • Responsibility

    • Information Technology department staff are responsible for provisioning access to the Electronic Health Record System in accordance with established policy, procedures, and guidelines.

  • Procedure

    • The requestor, or designee, shall complete and submit a PHI access provision request through the CCHCS Service Portal.

    • CCHCS HIM shall ensure patient health information is available as needed by health care staff and others who have authorized access.

  • References

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 160, Subpart B, Sections 160.201–205, Preemption of State Law

    • Health Insurance Portability and Accountability Act (HIPAA) of 1996, Summary of HIPAA Privacy Rules

    • American Health Information Management Association: Health Information Management Concepts, Principles, and Practice, Chapter 3, Documentation Standards, Pages 91-93; Chapter 8, Paper-based and Hybrid Health Records, and Incomplete Record Control, Pages 212-215 (Third ed., 2010)

    • American Health Information Management Association: Documentation for Ambulatory Care, General Documentation Guidelines (Revised ed., 2001)

    • Health Care Department Operations Manual, Chapter 2, Article 2, Confidentiality and Privacy

  • Revision History

    • Effective: 01/2002
      Revised: 09/2021