top of page

Confidentiality of Information


  • DON Services, Inc. HHA shall maintain an individual’s right to privacy and confidentiality of information.

  • Information known or contained in the patient’s medical record (known as protected health information) shall be treated as confidential and shall be released in appropriate circumstances only with the written consent of the patient or legal guardian.

  • Information concerning patients, visitors and staff shall be managed with the highest degree of appropriateness and confidentiality, pursuant to organizationwide policies and procedures.

  • Patient-identifiable OASIS information shall not be released to the public.



  • All persons employed at DON Services, Inc. HHA having access to information concerning patients, such as volunteers, HHA staff members and physicians must hold all information in strict confidence, and shall abide by the Health Insurance Portability and Accountability Act (HIPAA) regulations.

  • Confidentiality of the patient record shall be maintained at all times by keeping the record closed when not in use. If an electronic health record is used, ensure that no other individual can read the screen and log-off the computer when not in use.

  • Information concerning patients which may be considered ordinary facts and necessary for planning of specific care and services, shall be handled with professional discretion and on a “need to know” basis.

  • Information regarding physicians, staff members or volunteers shall be relayed to others as appropriate to the related job function or task and/or to facilitate patient care and services only. Information regarding physicians, staff members or volunteers shall be kept on a professional level, and only discussed in relationship to the individual’s purpose and function within the institution.

  • When receiving inquiries regarding a patient’s condition by family members, friends and visitors, the following must be observed:

    • The individual requesting information must provide evidence of his/her identity, upon which time if the patient is able to consent, verbal consent shall be obtained from the patient and documented in the medical record.

      • The information verbally provided by staff shall consist only of brief description on the patient’s current condition in terms of “stable”, “improving”, etc. The clinical healthcare provider must use their judgment in providing additional information and prudence is required.

    • If the patient is unable to provide verbal consent due to physical or mental incapacitation and there is an assigned surrogate decision maker for the patient, consent for release of verbal information shall be obtained from the surrogate and documented in the medical record.

    • If the patient is unable to provide verbal consent due to physical or mental incapacitation and there is no assigned surrogate decision maker, verbal information, as outlined in this policy, may be provided to the following individuals:

      • Husband/wife

      • Adult children

      • Children (as appropriate to age)

      • Siblings

      • Legal next of kin

      • Caregiver/guardian

  • Any other individuals requesting information regarding the patient must receive authorization from the patient’s physician.

  • Requests for patient information shall be directed to Medical Records. Disposition of such requests will be in accordance with the HHA’s established policy and procedure for Release of Information and pursuant to the HIPAA regulations.

    • As required by state and federal law, information pertaining to victims of abuse/ violence/sexual assault shall be released to regulatory agencies.

    • As appropriate to state and federal law, any patient information requested by state and/or federal agencies shall be released accordingly.

  • Advances in technology shall be reviewed as these are made available to the institution, to ensure that the technology maintains and protects privacy and confidentiality of personal health information.

  • Personal opinions as to the competence of HHA staff members or any staff members, are not to be expressed in a public environment and shall always be addressed to the staff member’s supervisor or HHA Administrator for resolution.

  • At no time shall physicians, staff members, volunteers or others associated with DON Services, Inc. HHA engage in discussions of a personal nature which are unrelated to the organization’s mission, vision, values and goals (i.e., gossip).

  • At no time shall staff members, volunteers, or others associated with DON Services, Inc. HHA, who have access to confidential patient or HHA information, speak with the news media, or others outside the HHA, without prior approval from HHA administration.  All encounters with the news media shall be directed to administration.

  • All staff shall be educated and trained about the requirements for information privacy and confidentiality appropriate for each level of employee to carry out his/her healthcare function within the HHA. Education and training shall include orientation, initial education and any ongoing education and training necessary related to changes with this organization’s information confidentiality and privacy practices.

  • Enforcement of the principles of this policy shall be monitored through the combined efforts of the HHA Administrator and the Risk Management Department. Monthly monitoring of violations of this policy shall be conducted with quarterly reports submitted to the Performance Improvement Committee and Board of Directors.

  • Outcomes from monitoring activities shall be analyzed to determine if improvements can be made in privacy and confidentiality practices.


Department of Health and Human Services (DHHS), OCR Privacy Brief, Summary of the HIPAA Privacy Rule, last revised 05/03,

bottom of page