Website and Computer Privacy
Cielo Treatment Center LLC utilizes Wix as their website design host. Wix gathers Information from visitors such as IP address, browser type, referring page, location of visit, and time of visit. Cookies may be used to remember visitor preferences when interacting with the website. Where registration is required, the visitor's email and a username will be stored on the server.
Should you fill out the “Contact Us” portion of the webpage, your contact information will be stored in our Wix account as well as sent to a secure business email account, and we will contact you regarding treatment services for substance use disorder or mental health only. You will not be solicited to buy or engage in any other service by Cielo Treatment Center LLC or any affiliates.
If you no longer wish to engage in communications, either through phone or email, please email email@example.com or fill out the contact us form requesting that we cease contact and we will remove your contact information and cease to contact you in any way, shape, or form.
Cielo Treatment Center
Compliance with HIPPA and Confidentiality Policy and Procedure
Confidentiality and compliance with HIPAA, Federal Confidentiality Regulations (42 CFR, Part 2), and State confidentiality regulations as specified in ORS 179.505 and 192.518 through 192.530.
Policy: All Cielo Treatment Center staff have a responsibility to recognize the special relationship of trust between the company and the patients/clients and must safeguard all medical information and/or personal information about those we serve. Cielo Treatment Center staff may use or disclose Protected Health Information (PHI) only as necessary in the delivery of patient/client care, as required by law, and for authorized administrative purposes. Protected Health Information may also be disclosed if authorized by the patient/client in writing through a legal document known as a release of information (to be kept electronically in patient chart).
Staff may not gain access to information concerning patients/clients, including medical, alcohol and drug treatment, mental health treatment, financial, and any other enrollment information, except for legitimate clinical and business purposes. Any uncertainty about what constitutes such purposes should be discussed with the Clinical Director or Executive Director.
Protected Health Information must never be discussed in public areas.
Protected Health Information may not be released to anyone without the written consent of the patient/client or when required by law. The only exception is that clinical staff may release clinical information, including medical records, when appropriate to facilitate the care of patients/clients with other staff.
Protected Health Information may only be disposed of by means that assures that it will not be accidentally released to an outside party. The Executive Director must ensure that appropriate means of disposal are reasonably available such a shredding service and locked shredding box on site in clinical area.
Violation of this policy will be grounds for disciplinary action, up to and possibly including termination of employment.
HIPPA and PHI
Minimum Necessary Uses, Disclosures and Requests
Policy: When using or disclosing individually identifiable health information Cielo Treatment Center will make reasonable efforts to limit Protected Health Information (PHI) to the minimum necessary to accomplish the intended purpose of the use, disclosure or request.
(1) Certain types of uses, disclosures and requests of individually identifiable information are not subject to the minimum necessary requirements, and therefore not subject to Cielo Treatment Center’s policy and procedure regarding minimum necessary.
(2) Requests by or disclosures to health care practitioners for treatment purposes are not subject to the requirements of the minimum necessary standard. The minimum necessary standard also does not apply to disclosures that are required by law, disclosures to the patient who is the subject of the information, or disclosures based on the patient’s/client’s written authorization.
(3) Cielo Treatment Center is not required to apply the minimum necessary standard to the required or situational data elements specified in the implementation guides for HIPAA administrative simplification standard electronic transactions in the Transactions Rule. (The minimum necessary standard does apply for uses or disclosures in standard transactions that are made at Cielo Treatment Center’s option.) All other uses, disclosures, and requests of individually identifiable information must meet the minimum necessary standards.
Uses of PHI:
Cielo Treatment Center will limit access levels of employees and it will be based on Cielo Treatment Center’s reasonable determination of each position’s need for PHI access and the nature and extent of the health information required to successfully complete the duties of the position. The limited access will be reviewed on an annual basis to ensure that all current positions are identified and an appropriate level of access is assigned. Should a person ever be hired who was previously a client at Cielo Treatment Center, the electronic chart will be restricted to only be viewed by Executive Director and Director of Outreach and Admissions.
Disclosures of PHI:
Routine Disclosures. Cielo Treatment Center does not routinely disclose PHI for purposes other than treatment, payment, and health care operations.
Non-Routine Disclosures. Cielo Treatment Center has developed a criteria designed to limit disclosures of PHI to only the minimum amount necessary to accomplish the purpose of the disclosure, and will apply the criteria to each non-routine disclosure of PHI.
Disclosures to and authorizations from patient/client:
Cielo Treatment Center is not required to limit to the minimum necessary the disclosures of PHI to a Cielo Treatment Center patient/client who is the subject of the PHI. In addition, disclosures authorized by a Cielo Treatment Center patient/client (pursuant to a valid authorization) are exempt from the minimum necessary requirements.
Authorizations meeting the validity requirements received directly from third parties, such as life, disability, or casualty insurers, that direct Cielo Treatment Center to release PHI to them are not subject to the minimum necessary standards.
Cielo Treatment Center request for PHI:
Routine Requests: Cielo Treatment Center does not routinely request PHI from other health care practitioners or health plans for purposes other than treatment, payment, and health care operations.
Non-routine requests. Cielo Treatment Center will develop criteria designed to limit requests of PHI to only the minimum amount necessary to accomplish the purpose of the request, and will apply the criteria to each non-routine request of PHI.
HIPPA Policy and Procedures
Use of Disclosure of Health Information Pursuant to Authorization or Valid Written
Policy: To establish a policy and procedure for disclosing Protected Health Information (PHI) pursuant to the patient’s/client’s authorization or a valid written request in accordance with the Privacy Act of 1974, 5 USC 522a; HIPAA, 45 CFR Part 164; Confidentiality of Alcohol and Drug Abuse Patient Records, 42 CFR Part 2; Confidentiality of Mental Health Records, 42 CFR Part 5, ORS 179.505, and ORS 192.505; and the Freedom of Information Act, 5 USC 552.
It is the Cielo Treatment Center policy that a patient/client must complete and sign the Authorization for Release of Confidential Information form (attached) prior to disclosing any health information for any purpose. If the patient/client submits a valid written request for information, this will be honored as well. Authorization for use and disclosure of PHI is not required to be completed for disclosures for which authorization is not required.
Procedure: The following procedures will be used when patients/clients authorize disclosures of PHI and will govern how disclosure of PHI will be accomplished for valid authorizations or written requests received by Cielo Treatment Center. Strict adherence to the following procedures is required.
Only authorizations with original signatures or a statement indicating that a photo static copy shall be considered as effective and valid as the original will be processed by the Cielo Treatment Center Executive Director.
An individual may authorize the release of PHI by completing and signing the Authorization for Release of Confidential Information form.
Blanket authorizations with no specified individual or organization or which indicate a time period of longer than one year will not be honored.
Authorizations will terminate one year from the date of signature unless the patient/client specifies a different expiration date of less than one year.
A written request received by mail on something other than the Authorization for Release of Confidential Information form must identify the individual and contain a description of the information desired. The request must contain the name and address of the requester, date of birth, signature for comparison purposes, and the date.
If the authorization or written request does not contain sufficient information that identifies the patient/client or a description of the information requested, the individual will be notified that additional specific information is required in order to process the request.
Any additional information received will be documented, dated, and initialed on the original request.
Verification of the individual requesting disclosure must be performed by presenting in person with identification.
If a guardian or health care representative of the individual signs the authorization, a description of such representative authorized to act for the individual should be documented. Legal documents must be filed in the patient’s/client’s record.
When a request for disclosure of PHI is incomplete or unclear, Cielo Treatment Center staff may contact the requestor for additional information prior to disclosing any information. Additional information received should be documented, dated, and initialed by the staff on the original authorization form or the written request.
Information disclosed may be subject to re-disclosure by the recipient and no longer protected. The information disclosed must be accompanied by the following statement:
“This information has been disclosed to you from records whose confidentiality is protected by Federal law. Federal regulations (45 CFR Part 2) prohibits you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by such regulations. A general authorization for the release of medical or other information is NOT sufficient for this purpose.”
(12) Information disclosed by a designated alcohol/substance abuse facility must be
accompanied by the following statement:
“This information has been disclosed to you from records protected by Federal confidentiality regulations (42CFR Part 2). Federal regulations prohibit you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by 45 CFR Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. Federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patients.”
(13) A copy of the signed authorization must be provided to the individual and the original signed authorization or valid written request must be filed in the patient’s/client’s record.
Confidentiality 42 CFR Part 2, and 45 CFR §164
Policy: The Cielo Treatment Center Outpatient Treatment Program complies with all state and federal regulations, 42 CFR Part 2, and 45 CFR §164 regarding client confidentiality. All new staff and volunteers will participate in New Employee Orientation, which includes training on confidentiality.
At the time of intake, and throughout treatment, clients are assured that only those agencies or individuals authorized by the client in writing are allowed access to information about the client and his/her involvement in treatment. This includes immediate family members. All clients will be informed of the confidentiality regulations and the exceptions to these regulations at the time of intake into the program.
During the course of treatment, clients will be provided space for counseling which affords them privacy. When a staff person is engaged in a telephone conversation with a client, they will do so in an area that protects the confidentiality of the client.
Release of Information
When a client has designated an individual or agency to receive information regarding the client’s treatment, the consent must be in writing, utilizing an approved release of information form. Written releases must be kept in the client file. The release must include client name, person to whom the information is to be released, purpose and need for disclosure, type of information to be disclosed, expiration date, client signature, date and staff witness signature. Clients may revoke the authorization at any time by submitting the request in writing to any Cielo Treatment Center staff person. Cielo Treatment Center will honor the revocation to the extent that actions have been taken.
All client records will be stored either electronically in an EMR (password protected) or in a locked file cabinet in a secure area. All files will be stored in the designated, locked cabinets at the end of each day. File documents will be kept fastened to the file folder. Staff will access client confidential information only as it relates to their specific job duties, and on a need-to-know-basis.
Computer records, which contain confidential information, will be safeguarded in secure files, all computer workstations will have screen savers with passwords, and staff will not leave client information on the screen unattended. Computers will be shut down at the end of the workday.
Documents, which contain confidential client information but do not need to be kept in the client record, will be shredded. No confidential information will be put in the recycling bin or in the garbage.
Desktops will be kept free of confidential information when not in use. All confidential information will be kept in the client record and stored in the designated file cabinet at the end of the workday.
Telephone requests for confidential information will be responded to promptly and courteously. Information needed to determine if the information can be released, is the caller’s name and affiliated agency, if any. If it is determined that there is not a written Release of Information in the client record, information will not be disclosed. If the caller is persistent, he/she will be referred to the Clinical Director or Executive Director. All calls must be answered with “I can neither confirm nor deny if that client attends treatment here,” should a release not be on file or should employee answering the phone be unsure of release status.
Court Appearances and Subpoenas
In the event that a client requests that a counselor appear on his/her behalf in court, the counselor will do so only with a written Release of Information allowing for court testimony. If a court subpoenas client records, all subpoenas are to be immediately routed to the Cielo Treatment Center Executive Director. Only after direction from the Executive Director will staff appear in court following a subpoena. (See HIPAA)
Exceptions to Confidentiality – 42 CFR part 2
Policy: Disclosures without a Clients consent are to be done under the following circumstances only.
Notifications to medical personnel in a medical emergency: A Part 2 program can make disclosures to medical personnel if there is a determination that a medical emergency exists, i.e., there is a situation that poses an immediate threat to the health of any individual and requires immediate medical intervention [42 CFR §2.51(a)]. Information disclosed to the medical personnel who are treating such a medical emergency may be re-disclosed by such personnel for treatment purposes as needed. For additional information regarding disclosures during a medical emergency, see FAQs Numbered 7, 8, and 9 below.
Notifications to law enforcement: Law enforcement agencies can be notified if an immediate threat to the health or safety of an individual exists due to a crime on program premises or against program personnel. A Part 2 program is permitted to report the crime or attempted crime to a law enforcement agency or to seek its assistance [42 CFR §2.12(c)(5)]. Part 2 permits a program to disclose information regarding the circumstances of such incident, including the suspect’s name, address, last known whereabouts, and status as a patient in the program.
Immediate threats to health or safety that do not involve medical emergencies or crimes on programs premises or against program personnel: Part 2 programs and health care providers and HIOs who have received Part 2 patient information, can make reports to law enforcement about an immediate threat to the health or safety of an individual or the public if patient-identifying information is not disclosed. Immediate threats to health or safety that do not involve a medical emergency or crimes (e.g., a fire) are not addressed in the regulations. Programs should evaluate those circumstances individually.
Reports of child abuse and neglect: The restrictions on disclosure do not apply to the reporting under State law of incidents of suspected child abuse and neglect to the appropriate State or local authorities. However, Part 2 restrictions continue to apply to the original alcohol or drug abuse patient records maintained by the program including their disclosure and use for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect [42 CFR § 2.12(c)(6)]. Also, a court order under Part 2 may authorize disclosure of confidential communications made by a patient to a program in the course of diagnosis, treatment, or referral for treatment if, among other reasons, the disclosure is necessary to protect against an existing threat of life or of serious bodily injury, including circumstances which constitute suspected child abuse and neglect [42 CFR § 2.63(a)(1)].
Court ordered disclosures: Under the regulations, Part 2 programs or “any person having a legally recognized interest in the disclosure which is sought” may apply to a court for an order authorizing disclosure of protected patient information [42 CFR § 2.64]. Thus, if there is an existing threat to life or serious bodily injury, a Part 2 program or “any person having a legally recognized interest in the disclosure which is sought” can apply for a court order to disclose information.
Research: Researchers who receive patient identifying information are prohibited from re-disclosing the patient-identifying information to anyone except back to the program [42 CFR § 2.52(b)].
Audits and Evaluations: Part 2 permits disclosures to persons and organizations authorized to conduct audits and evaluation activities, but imposes limitations by requiring any person or organization conducting the audit or evaluation to agree in writing that it will re-disclose patient identifying information only (1) back to the program, or (2) pursuant to a court order to investigate or prosecute the program (not a patient), or (3) to a government agency that is overseeing a Medicare or Medicaid audit or evaluation [42 CFR § 2.53(c)(d)].
Qualified Service Organization Agreements (QSOAs): Part 2 requires the QSO to agree in writing that in receiving, storing, processing, or otherwise dealing with any information from the program about patients, it is fully bound by Part 2, it will resist, in judicial proceedings if necessary, any efforts to obtain access to information pertaining to patients except as permitted by Part 2, and will use appropriate safeguards to prevent the unauthorized use or disclosure of the protected information [42 CFR § 2.11]. In addition, QSOAs may allow disclosure in certain circumstances.
Authorizing Court Orders: When information is disclosed pursuant to an authorizing court order, Part 2 requires that steps be taken to protect patient confidentiality. In a civil case, Part 2 requires that the court order authorizing a disclosure include measures necessary to limit disclosure for the patient’s protection, which could include sealing from public scrutiny the record of any proceeding for which disclosure of a patient’s record has been ordered [42 CFR § 2.64(e)(3)]. In a criminal case, such order must limit disclosure to those law enforcement and prosecutorial officials who are responsible for or are conducting the investigation or prosecution and must limit their use of the record to cases involving extremely serious crimes or suspected crimes.