Privacy Policy

PromiseShip respects the rights and dignity of the children and families it serves. PromiseShip is committed to complying with all Federal and State laws regarding the protection of all personal information. PromiseShip complies with Federal Law as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PromiseShip agrees to protect an individual’s personal health information and has a number of administrative, physical and technical safeguards in place to protect all electronic medical records containing child and family personal information. PromiseShip does comply with HIPAA and all associated laws that protect client/patient safety and all electronic records from misuse.

PromiseShip treats and secures the health records and other private information of clients and employees with the maximum security reasonably possible. All personal health information is safeguarded according to applicable legal protections including HIPAA regulations as described in the comprehensive PromiseShip Information Technology Policy #6050. All files and health records are kept at a minimum under single lock during office hours and double lock when the office is closed.

PromiseShip will comply in disclosing health information when it is required by law in regard to all state mandatory reporting requirements for child abuse or neglect and adult abuse or neglect. In addition, documents obtained from other agencies or individuals may not be released to anyone outside of PromiseShip except as permitted by law.

Parents/Legal Guardians are given written materials describing their rights and responsibilities, including information regarding their rights to health information as described in the “Rights and Responsibilities” documents, at the first Family Team Meeting, but in no event later than ten (10) days after the family is assigned to PromiseShip.

All employees must attend a mandatory Health Insurance Portability and Accountability Act (HIPAA) Training as part of a comprehensive new employee orientation and upon completion of the training must sign an acknowledgement of their responsibility to maintain confidentiality of the records of the clients they serve (Refer to PromiseShip Employee Orientation Acknowledgement Form). Human resources policies and procedures are in place with detailed actions to be taken if there is a violation of confidentiality with disciplinary actions and mandatory reporting guidelines. (Refer to PromiseShip Discipline Policy #5125).

PromiseShip electronic and computer resources, including voicemail, e-mail, internet, intranet, and associated hardware and software systems (and all messages sent or received) are PromiseShip property. Employees must ensure that such resources and systems do not negatively impact the security of confidential or protected health information. In addition, access to such resources and systems is primarily for business-related activities.

Under no circumstances may confidential or protected health information be shared by employees, volunteers, interns, or contracted professionals with individuals within or outside of PromiseShip, including other employees, volunteers, interns, contracted professionals, family, or associates who do not have a “need to know” such information.

Employees, volunteers, interns, or contract professionals without professional involvement in PromiseShip client or organizational issues, who become aware of confidential or protected health information, must take reasonable steps to protect such information.

Employees may not release information about PromiseShip or its activities to individuals outside of PromiseShip or the media unless prior written authorization is given by the Executive Director or designee who will obtain permission from the Nebraska Department of Health and Human Services, Division of Children and Family Services.

PromiseShip clients’ confidential or protected health information may not be identified or referred to in speeches, interviews, or written articles.

Policy Name/Number: Privacy/HIPAA/Policy Number 4475
Domain: Administration and Management
Policy Location:
Date of Adoption: October 8, 2009
Effective Date: October 8, 2009
Date(s) of Revision: January 25, 2012
References: Council on Accreditation: CR .01-1.09; Child Welfare Information Gateway; American Academy of Pediatrics: Child Abuse, Confidentiality, and the Health Insurance Portability and Accountability Act (HIPAA), Vol. 125, No. 1, January 1, 2010; Boys Town “Notice of Privacy Practices” Policy 10-2010; National District Attorney Association (National Center for Prosecution of Child Abuse); Health Information Privacy (Summary of the HIPAA Privacy Rules); PromiseShip Information Technology Security Policy #6050.
DHHS References: Title II (Section 160.203(c));
Legal References: Public Law 104-191, 45 CFR Parts 160, 162, & 164 amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), Title XII of Division A, and Public Law 111-5 Title IV of Division B of the American Recovery Reinvestment Act (ARRA) 2009; Patient Safety and Quality Improvement Act of 2005 (PSQIA); PL 93-247 the Child Abuse Prevention and Treatment Act; Nebraska Child Abuse and Neglect Act 28-70 Sections 28-710 to 28-727.