001.1. Confidentiality Agreement:
- Certificants and licensees shall sign a confidentiality agreement upon certification or licensure, acknowledging their commitment to protecting patient privacy and confidential information.
001.2. Protected Health Information (PHI):
- Certificants and licensees shall handle all patient-related information, including but not limited to medical records, treatment notes, and personal details, with the utmost care and in compliance with applicable laws (e.g., Health Insurance Portability and Accountability Act, or HIPAA).
001.3. Limited Access:
- Certificants and licensees shall restrict access to patient information to only those individuals directly involved in the patient’s care or authorized for legitimate purposes, ensuring that unauthorized personnel do not have access to patient records.
001.4. Secure Storage:
- Certificants and licensees shall securely store all physical and digital patient records, ensuring protection against theft, loss, or unauthorized access. Data must be retained for 5 years post-treatment.
001.5. Information Sharing:
- Certificants and licensees shall only share patient information with other healthcare providers or entities as required for patient care, treatment coordination, or as permitted by law, and with proper patient consent.
001.6. Informed Consent:
- Certificants and licensees shall obtain informed consent from patients before disclosing any patient-related information, explaining the purpose and scope of the disclosure.
001.7. Electronic Data Security:
- Certificants and licensees shall implement and maintain secure electronic systems and protocols to protect patient information from data breaches or cyberattacks.
001.8. De-Identification and Anonymization:
- Certificants and licensees shall de-identify or anonymize patient information when possible, removing any personally identifiable information before use in research or educational activities.
001.9. Reporting Breaches:
- Certificants and licensees shall promptly report any actual or suspected breaches of patient privacy or confidentiality to CSL Therapy and, when required by law, to the appropriate authorities and affected individuals.
001.10. Education and Training:
- Certificants and licensees shall undergo periodic training and education on patient privacy and confidentiality to stay updated with evolving laws and best practices.
001.11. Record Retention:
- Certificants and licensees shall maintain patient records for the required duration (5 years) as mandated by organization requirements, applicable laws, and regulations while ensuring secure disposal of records when they are no longer needed.
001.12. Non-Disclosure:
- Certificants and licensees shall not disclose or discuss patient information outside of necessary professional communication, ensuring that discussions do not compromise patient privacy or confidentiality.
Failure to comply with this Patient Privacy/Confidentiality & Public Safety regulation may result in disciplinary actions by CSL Therapy, including but not limited to certification or licensure suspension or revocation, dismissal, fines, and incarceration in accordance with CSL Therapy’s disciplinary policies and procedures.
This regulation shall be effective as of [September 18, 2023] and shall remain in effect until revised or updated by CSL Therapy.