Confidentiality and Privacy Policy
Introduction: At Cherry Creek Treatment Center, we are committed to safeguarding the privacy and confidentiality of our patients in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and 42 Code of Federal Regulations (CFR) Part 2. This policy outlines our dedication to maintaining the highest standards in the protection of sensitive information related to substance use treatment. All employees are expected to adhere to these guidelines:
1. Applicability:
This policy applies to all employees, contractors, and volunteers at Cherry Creek Treatment Center who have access to patient records and information covered by HIPAA and 42 CFR Part 2.
2. Protected Health Information (PHI):
Employees must respect the confidentiality of all patient records and information, including Protected Health Information (PHI), obtained during the course of employment. PHI includes any information that identifies or could reasonably be used to identify an individual and relates to the past, present, or future health condition, treatment, or payment for healthcare services.
3. Access to Information:
Access to patient information is restricted to individuals with a legitimate need for such information in the performance of their job duties. Unauthorized access, use, or disclosure of patient information is strictly prohibited.
4. Consent and Release of Information:
Patient consent and authorization must be obtained before disclosing any patient information, except as permitted by law or required for treatment, payment, or healthcare operations. Releases of information must be documented and maintained in the patient's record.
5. Minimum Necessary Standard:
Employees should only access and use the minimum amount of patient information necessary to perform their job duties. Unnecessary access or use of patient information is strictly prohibited.
6. Security Measures:
Cherry Creek Treatment Center employs physical, technical, and administrative safeguards to protect patient information from unauthorized access, disclosure,
alteration, or destruction. Employees are responsible for adhering to security protocols and reporting any breaches or concerns promptly.
7. Training and Awareness:
Employees receive training on HIPAA and 42 CFR Part 2 regulations and their responsibilities regarding privacy and confidentiality. Regular updates and refresher training sessions are conducted to ensure ongoing compliance.
8. Reporting Incidents:
Any suspected or actual breaches of privacy or confidentiality must be reported immediately to the Privacy Officer or a supervisor. A thorough investigation will be conducted, and corrective action will be taken as necessary.
9. Confidential Communications:
Employees must respect patients' requests for confidential communication methods, such as using specific contact numbers or mailing addresses. Communication about patient information should be conducted in private areas to protect confidentiality.
10. Record Retention:
Patient records are retained in accordance with applicable laws and regulations. Employees must adhere to record retention policies and procedures to ensure the appropriate storage and disposal of patient information.
11. Legal and Ethical Obligations
Employees are expected to comply with all federal and state laws, as well as ethical standards, governing the privacy and confidentiality of patient information.
Violation of this Privacy and Confidentiality Policy may result in disciplinary action, up to and including termination of employment. By following these guidelines, we maintain the trust and confidence of our patients and uphold the highest standards of care in substance use treatment.
This policy is subject to periodic review and update, and all employees are responsible for staying informed about any changes.
Use and Disclosure of Protected Health Information (PHI)
Our organization is committed to protecting the privacy of your health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We may use and disclose your PHI under the following circumstances:
● Treatment – We may share your PHI with healthcare providers involved in your care, including hospitals, emergency responders, and specialists, if necessary for your
treatment.
● Safety Concerns – If you pose a threat to yourself or others, we may disclose relevant PHI to appropriate authorities or individuals to ensure safety.
● Legal Requirements – We may disclose PHI when required by law, such as in cases of abuse, neglect, or court orders.
Your Rights Regarding Your Protected Health Information
As a client, you have the following rights regarding your PHI:
● Right to Access – You may request to inspect or obtain a copy of your health records, subject to limited exceptions.
● Right to Amend – If you believe your records contain inaccurate or incomplete information, you may request corrections.
● Right to Restrict Disclosures – You may request limitations on how we use or disclose your PHI, though we may not always be able to comply if legally required to disclose.
● Right to Confidential Communications – You may request alternative means of communication (e.g., mailing information to a different address).
● Right to File a Complaint – If you believe your rights have been violated, you may file a complaint with our Privacy Officer or the U.S. Department of Health and Human
Services. Retaliation for filing a complaint is strictly prohibited.
Our Legal Duties
We are required by law to:
● Maintain the privacy and security of your PHI.
● Provide this notice outlining our legal obligations and privacy practices.
● Notify you promptly if a breach occurs that may have compromised the privacy of your PHI.
● Follow the terms of this privacy policy and update it as necessary to remain compliant with legal and regulatory requirements.
Contact Information
For questions about our privacy practices or to file a complaint, please contact: Heath W. Bechler, CEO
Cherry Creek Treatment Center (316) 330-7126 heath@cherrycreektreatmentcenter.com
Effective March 18, 2025
