4.3 Confidentiality of Participant or Employee Information

To protect the integrity and dignity of each participant, staff members must maintain confidentiality with respect to participant or employee information, when applicable, as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The provider must have policy and procedures in place that facilitate access to confidential records.

The provider must develop and maintain a recordkeeping system that includes a separate record for each participant, and must keep confidential all information contained in the participants' records, regardless of the form or storage method of the records.

The provider must develop and use physical safeguards for confidential records and ensure that the records are available to authorized staff members only. Participant case records must be locked in a location where maximum protection against fire, water damage, and other hazards is in place.