| I. PURPOSE
| | To establish Los Angeles County Department of Mental Health (DMH) policy on disclosures of Protected Health Information (PHI) by whistleblowers and DMH workforce member crime victims.
| | II. DEFINITIONS
| Authorization: An individual’s permission to use or disclose PHI for purposes that do not fall within the definitions of treatment, payment, or health care operations activities.
Business Associate: An individual or covered entity, other than a DMH workforce member, who performs functions, activities, or services involved in the use and disclosure of PHI on behalf of DMH.
Protected Health Information (PHI): Individually identifiable health information held or transmitted by DMH or its business associate(s) in any form or medium, whether electronic, paper, or oral, relating to the past, present, or future physical or mental health condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. The information identifies the individual or, with respect to which there is a reasonable basis to believe, can be used to identify the individual. Whistleblower Disclosure: A disclosure of PHI by a DMH workforce member or business associate that meets the following requirements: - The DMHworkforce member or business associate believes in good faith that DMH engaged in unlawful conduct; otherwise violated professional or clinical standards; or the care provided by DMH may potentially endanger clients, other workforce members, or the public; and
- The disclosure is to an agency responsible for overseeing health care programs, an authorized representative of a public health authority, an authorized representative of a health care accreditation organization, or an attorney.
DMH Workforce Members: A workforce member directly employed by DMH, such as employees and any individual who is processed through DMH Human Resources.
| | III. POLICY
| | Whistleblower Disclosures -
DMH workforce members and business associates are permitted to make whistleblower disclosures without authorization.
-
DMH workforce members and business associates shall not be subject to sanctions by DMH for making whistleblower disclosures.
-
DMH shall not take any intimidating or retaliatory acts against DMH workforce members and business associates who make whistleblower disclosures.
-
If a DMH workforce member or business associate makes a whistleblower disclosure, DMH shall not be considered to have violated Health Insurance Portability and Accountability Act (HIPAA). Crime Victim Disclosures -
DMH workforce members are permitted to make disclosures of PHI to law enforcement officials if they are the victim of a crime and the PHI to be disclosed is about the suspect who allegedly committed the crime.
-
DMH workforce members disclosing PHI as a crime victim shall not be subject to discipline.
-
DMH shall not be considered to have violated HIPAA if a DMH workforce member who is the victim of a crime discloses PHI to law enforcement. Disclosures Not in Compliance with This Policy -
If a DMH workforce member believes that another DMH workforce member or business associate has made a whistleblower disclosure or a disclosure as a crime victim that does not comply with the requirements of this policy, the DMH workforce member shall contact the HIPAA Privacy Officer.
-
The HIPAA Privacy Officer, in consultation with Los Angeles County Counsel and the Departmental Information Security Officer, shall investigate all reports and take steps necessary to mitigate the harmful effects of any violations of this policy or other DMH privacy-related policies. | | IV. PROCEDURES
| | No procedures are associated with this policy.
| | V. AUTHORITY
| | | |
|
