/Institutions/Cumberland-University/json/Current-Catalog/University-Policy-local.json

/Institutions/Cumberland-University/json/Current-Catalog/University-Policy.json

Policy > Athletic Training Handbook > Academics > AT Program Policies and Procedures > Confidentiality and Security

Confidentiality and Security

HIPAA The Health Insurance Portability and Accountability Act regulates coaches, athletic trainers, physicians, or any other member of the sports medicine team who has private health information (PHI) about an athlete can share that information with others. The regulation guarantees that athletes have access to their medical records, gives them more control over how their protected health information is used and disclosed, and provides a clear avenue of recourse if their medical privacy is compromised. Authorization by an athlete to release medical information is not necessary on a per-injury basis. A written blanket authorization signed by the athlete at the beginning of the year will suffice for all injuries and treatments done during the course or participation for that year. These one-time, blanket authorizations must indicate what information may be released, to whom, and for what length of time. The information that HIPAA serves to safeguard is any information regarding the health of the patient and/or information that can be used to identify the patient/athlete. Healthcare of an Athlete: ● A mental or physical condition ● Treatment for a mental or physical condition ● Payment for treatment or, ● Information that can be tied back to the individual’s PHI Healthcare Provider must: ● Recognize when he/she is dealing with protected health information ● Be aware of his/her surrounding when discussing PHI ● Learn to understand and uphold the rights of the patient ● Know the identity that is requesting PHI and understand the policies regarding the release or denial of those requests HIPAA is a comprehensive law addressing the many components of the business of healthcare. Within this law the patient has the following rights: ● Be informed of organizations' privacy practices. Organizations must gather an outline of their policy in a document called the NOTICE of Privacy Practices (NPP). The patients must receive a copy of this document and there must be a written record of the patients receiving this document. ● Have their information kept confidential and secure. The organization must make reasonable efforts to secure the patient’s records from unauthorized individuals. ● Get a copy of their record. Patients can ask for, and receive, a copy of their health record. This request should be in writing and the organization has the right to charge a reasonable fee, and in some instances, refuse this request. ● Ask to amend their record. ● Ask for special consideration in communication. Patients can request, for example, that they not be called at home or be sent appointment reminders. ● Restrict access to their record. See Addendum I - J for Confidentiality and Privacy Agreement