Genesis Shelter, Inc. HMIS
Personal Protected Information Policy

  

Client Privacy Policy | Donor Privacy Policy

Client Privacy Policy

I. Confidentiality
A. The Agency will uphold relevant Federal and State confidentiality regulations and laws that protect client records, and the Agency will only release confidential client records with written consent by the client, or  the client’s guardian, unless otherwise provided for in the regulations or laws. A client is anyone who receives services from the Agency and a guardian is one legally in charge of the affairs of a minor or of a person deemed incompetent .  

  1. The Agency will abide specifically by Federal confidentiality regulations as contained in the Code of Federal Regulations, 42 CFR Part 2, regarding disclosure of alcohol and/or drug abuse records. In general terms, the Federal regulation prohibits the disclosure of alcohol and/or drug abuse records unless disclosure is expressly permitted by written consent of the person to whom it pertains or as otherwise permitted by 42 CFR Part 2. A general authorization for the release of medical or other information is not sufficient for this purpose. The Agency understands that Federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patients .
  2. The Agency will abide specifically with the Health Insurance Portability and Accountability Act of 1996 and corresponding regulations passed by the U.S. Department of Health and Human Services. In general, the regulations provide consumers with new rights to control the release of medical information, including advance consent for most disclosures of health information, the right to see a copy of health records, the right to request a correction to health records, the right to obtain documentation of disclosures of information may be used or disclosed. The current regulation provides protection for paper, oral, and electronic information .   
  3. The Agency will abide specifically by Georgia State law, which in general terms requires an individual to be informed that any and all medical records she/he authorizes to be released, whether related to physical or mental health, may include information indicating the presence of a communicable or venereal disease. The Agency is required to inform the individual that these records may include, but are not limited to the inclusion of information on diseases such as hepatitis, syphilis, gonorrhea, tuberculosis, and HIV/AIDS .   
  4. The Agency will abide specifically by Georgia law in that this law prohibits agencies from releasing any information that would identify a person as a client of a mental health facility, unless client consent is granted .    
  5. The Agency will provide a verbal explanation of the Pathways Community Network HMIS (Pathways) and arrange for a qualified interpreter or translator in the event that an individual is not literate in English or has difficulty understanding the consent form(s) .    
  6. The Agency will not solicit or input information from clients into the PATHWAYS unless it is essential to provide services or conduct evaluation or research .   
  7. The Agency will not divulge any confidential information received from the PATHWAYS to any organization or individual without proper written consent by the client unless otherwise permitted by relevant regulations or laws .     
  8. The Agency will ensure that all persons who are issued a User Identification and Password to the PATHWAYS within that particular agency abide by this Partnership Agreement, including the confidentiality rules and regulations. The Agency will ensure that each person granted PATHWAYS access at the Agency receives an PATHWAYS manual. This manual will include information on how to use the PATHWAYS as well as basic steps to ensure confidentiality. The Agency will be responsible for managing any of its own requirements that individual employees comply with PATHWAYS confidentiality practices, such as having employees sign a consent confidentiality practices form. It is understood that those granted Agency Administrator access within each PATHWAYS agency must become a Certified PATHWAYS Agency Administrator through training provided by PATHWAYS .
  9. The Agency understands that the database server-which will contain all client information,  including encrypted identifying client information-is protected by both Genesis Shelter security  systems and that Pathways’ server that stores all information is kept in a secure environment , in a  locked data center.

B. The Agency agrees to maintain appropriate documentation of client consent or guardian-provided consent to participate in the PATHWAYS.

  1. The Agency understands that informed client consent is required before any basic identifying client information is entered into the PATHWAYS for the purposes of interagency sharing of information. Informed client consent will be documented by completion of the standard PATHWAYS client Authorization to Release and Exchange Basic Information for the PATHWAYS form.
  2. The Client Authorization form mentioned above, once completed, authorizes basic identifying client data to be entered into the PATHWAYS , as well as non-confidential service transaction information. This authorization form permits basic client identifying information to be shared among all PATHWAYS Member Agencies and non confidential service transactions with select PATHWAYS Member Agencies based on relevance.
  3. If a client denies authorization to share basic identifying information and non-confidential service data via the PATHWAYS , identifying information shall only be entered into the PATHWAYS if the client information is locked and made accessible only to the entering agency program, therefore, precluding the ability to share information. In this case, the PATHWAYS will not be used as a resource for that individual client and her/his dependents. The Agency also has the right to refuse the provision of services if the client denies authorization.
  4. The Agency will incorporate an PATHWAYS Clause into existing Agency Authorization for Release of Information form(s) if the Agency intends to input and share confidential client data with the PATHWAYS . The Agency’s modified Authorization for Release of Information form(s) will be used when offering a client the opportunity to input and share service information. The Agency will communicate to the client what information, beyond basic identifying data and non- confidential services will be shared if client consent is given. The Agency will communicate to the client that while the Agency can restrict information to be shared with select agencies, those other agencies will have access to the information and are expected to use the information professionally and to adhere to the terms of the PATHWAYS Partnership Agreement. Agencies with whom information so shared are each responsible for obtaining appropriate consent before allowing further sharing of client records. The PATHWAYS will conduct periodic audits to enforce informed consent standards, but the primary oversight of this function is between agencies.
  5. If a client denies authorization to have information beyond basic identifying data and beyond non- confidential service transactions both entered and shared among the PATHWAYS , then this record must be locked and made available only to the entering agency program, therefore, precluding the ability to share information. If either this choices is not selected, the PATHWAYS will not be used as a resource for information beyond basic identifying data and beyond non- confidential service transactions for that individual client and her/his dependents.
  6. The Agency agrees to place all Client Authorization for Release of Information forms related to the PATHWAYS in a file to be located at the Agency’s business address and that such forms are made available to the Corporation for periodic audits. The Agency will retain these PATHWAYS related Authorization for Release of Information forms for a period of 5 years, after which time the forms will be discarded in a manner that ensures client confidentiality is not compromised.
  7. The Agency understands that in order to update, edit, or print a client’s record, the Agency must have on file a current authorization from the client as evidenced by a completed standard PATHWAYS Authorization to Release form pertaining to basic identifying data, and/or a modified Agency form with a PATHWAYS clause pertaining to confidential information.
  8. The Agency understands the Corporation does not require or imply that service be contingent upon a client’s participation in the PATHWAYS

Participation in data collection, although optional, is a critical component of the community's ability to provide the most effective services and housing possible. Please understand that access to shelter and housing services is available without participation in data collection. The Agency will provide referrals to other housing and shelter services if the client chooses not to participate our Pathways data collection process. The information gathered and prepared by the Agency will be included in a HMIS database of collaborating agencies (list available), and only to collaborating agencies, who have entered into an HMIS Agency Participation Agreement and shall be used to:
 a) Produce a client profile at intake that will be shared by collaborating agencies
 b) Produce anonymous, aggregate-level reports regarding use of services
 c) Track individual program-level outcomes
 d) Identify unfilled service needs and plan for the provision of new services
 e) Allocate resources among agencies engaged in the provision of services
 f) Provide individual case management                                               

Information Collected   

  1. Identifying information (Name, birth date, social security number)
  2. Demographic information (gender, race, residential information, family composition)
  3. Letter to number code conversion for name and Date of Birth, Demographic information (gender, race, residential information, family composition)
  4. Medical records (except HIV/AIDS and alcohol and drug treatment), Psychological records and evaluations, vocational assessment, care coordinators recommendations and direct observations, employment status, etc
  5. Financial information (income verification, public assistance payments, food stamps)
  6. HIV/AIDS diagnosis
  7. Substance abuse diagnoses, treatment plan, progress in treatment, discharge.


This release can be revoked by the client at any time. The revocation must be signed and dated by the client. This consent is subject to revocation at any time, except to the extent that the Agency has already taken action in reliance on it. If not previously revoked, this consent terminates automatically 1 year after clients last treatment or discharge from the agency where the client was seeking services. These records are protected by federal, state, and local regulations governing confidentiality of client records and cannot be disclosed without client’s written consent unless otherwise provided for in the regulations.

Participation in data collection is optional, and clients are able to access shelter and housing services if they choose not to participate in data collection.

back to top   Client Privacy Policy | Donor Privacy Policy



Donor Privacy Policy
 
What Personally Identifiable Information of Yours is Collected? 
 
This means information that tells us something about who you are, such as your name, phone number, email address, mailing address, or even credit card number (if you use a credit card to make a donation). 
 
Genesis only collects information after you initiate a donation to our program.  When making a donation, we collect your name, phone number, email address, mailing address, and credit card number to process the transaction.  Afterward, this information is used to add you to future mailings from Genesis Shelter.
 
What Choices Are Available to You Regarding Collection, Use, and Distribution of Your Information? 
 
Now, or at any time in the future, you can correct or update information about you, and you can tell us not to send you any messages or solicitations at all. 
 
How You Can Access, Update, or Delete Your Information 
 
Please contact our Office Manager to obtain, change, update or delete our records of your personal information.  You can contact the Office Manager at 404-522-6056 or by emailing genesisshelter@bellsouth.net.   
 
What Kind of Security Procedures Are In Place to Protect Against the Loss, Misuse, or Alteration of Your Information? 
 
We store your personally identifiable information on secure systems. We also use other "anti-hacking" security measures and accept credit card donations only via a secure server. 
  
**Genesis Shelter, Inc. is a 501 (c) 3 tax-exempt organization and does not share or sell any donor or client information with outside agencies or firms. **