Colorado Medication Assisted Recovery Privacy Policy

This is the website of Colorado Medication Assisted Recovery

We collect the e-mail addresses of those who communicate with us via e-mail, or through information volunteered by the consumer, such as survey information and/or site registrations. The information we collect is used to improve the content of our Web page and services. It is not shared with other organizations for commercial purposes. We do not set any cookies.

If you do not want to receive e-mail from us in the future, please let us know by sending an e-mail.

If you supply us with your postal address on-line you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by calling us. Please provide us with your exact name and address. We will be sure your name is removed from the list.

Persons who supply us with their telephone numbers on-line may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by sending us e-mail or calling. Please provide us with your name and phone number.

With respect to Ad Servers: We do not partner with or have special relationships with any ad server companies.

From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future we will post the policy changes to our Web site to notify you of these changes and provide you with the ability to opt out of these new uses. If you are concerned about how your information is used, you should check back at our Web site periodically. Customers may prevent their information from being used for purposes other than those for which it was originally collected by calling us at the number provided above.

Upon request we provide site visitors with access to contact information (e.g., name, address, phone number) that we maintain about them. Consumers can access this information by writing to us at the above address. With respect to security: We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site. If you feel that this site is not following its stated information policy, you may contact us at the above addresses or phone number.

Patient Privacy, Regulation, and Rights

Purpose

It is the policy of CMAR to respect the rights of all individuals that are in the care of CMAR. CMAR will inform all patients (or “clients”) of their rights and work to uphold those rights while they are at CMAR.

Procedure

1. Upon intake a client will receive a list of their legal and human rights while they are in the care of CMAR. It shall be explained at this time what these are and how to exercise them. CMAR does not take away any of their civil rights. The client will sign the list acknowledging that they received it and understand it.
2. Upon intake, patients shall be given the opportunity to sign Releases of Information (ROI’s), for stakeholders to stay up to date on various aspects of a patient’s progress. Intake staff will educate new patients on their rights regarding ROI’s, and will ultimately leave the decision to sign any ROI’s (along with what to information each ROI will allow to be shared), to the patient. (Per CFR Part 2, and HIPAA).
3. CMAR orientates all new staff, upon hire, of client’s rights and how we uphold them while they are in our care.
4. CMAR respects the cultural and personal values, beliefs, and preferences of the all clients served, taking investigation and corrective action whenever matters arise calling this respect into question.
5. All visitors that come to CMAR are required to read and sign a “Confidentiality Statement”. They are not to repeat anything they hear or see while they are here including who is a client here.
6. All staff, upon hire will be oriented in CMAR’s Confidentiality Policy. They will be required to read, understand, and sign the policy.
7. Management staff shall receive training, once annually, on cultural sensitivity and harassment. All other staff shall receive this training separately.
8. All clients of CMAR are free to practice any religious belief. The staff at CMAR will accommodate that religious belief.
9. All clients at CMAR will have access to any and all of their personal records at any time subject to clinical appropriateness. All clients are also allowed to change any and all Release of Information (ROI) form at any time.
10. Upon intake, all clients will have the opportunity to read over CMAR’s Emergency Management Plan which covers what the policy is in case of any emergency (i.e.; weather related emergencies, medical emergencies, fire, etc.) The Emergency Management Plan is available at any time to all clients after intake.
11. During the intake process and upon intake, all clients are informed of the rules of CMAR. RI
12. Upon intake, if a client is disoriented or is lacking the capacity to understand their rights, he or she will be informed again when he or she is able to understand.
13. CMAR will provide all clients with a copy of their rights in a manner tailored to his or her language and ability to understand.
14. CMAR will provide interpretation and translation services, as necessary.
15. All clients are involved in making decisions about his or her care, treatment or services. CMAR will encourage all clients to actively participate in the creation of their treatment plan and what goals they want to achieve while they are here.
16. All clients at CMAR have the right to refuse care, treatment, or services. CMAR is a voluntary treatment center and all clients have the right to leave at any time.
17. All clients of CMAR have the right to involve his or her family into their treatment process and are made aware of said right.
18. CMAR will accommodate all clients served if they choose to consult with an outside consultant.
19. CMAR will accommodate all clients served if they choose to request an internal review of his or her treatment plan.
20. CMAR will accommodate all clients to exercise their citizenship privileges, including but not limited to their voting privileges.

Monitoring

1. The list of client rights will be signed by the client and staff during the intake process. This form will be kept in the client’s paper chart. Client paper charts will be audited quarterly by the Clinical Director.
2. A signed receipt of rights including this one will be kept in the employee’s file. All employee files will be audited quarterly by the HR Manager and/or designee to ensure completion.
3. Clinical director will audit charts quarterly to monitor adherence to this policy.
4. All new employees will be trained in this policy during orientation.
5. Documentation of this training will be placed in the employee’s employee file. All employee file’s will be audited quarterly by the HR Manager and/or designee to ensure completeness and accuracy.
6. The Clinical Director will be in charge of supervising all clinical staff.
7. The Medical Director will be in charge of supervising all medical staff.
8. All errors will be documented in an incident report.
9. Incident Reports will be brought to the weekly management meeting for further review and possible action plan.

Documentation Regulations/Medical Records

Purpose

It is the policy of CMAR to ensure that patient care is correctly documented, and securely stored. The below process is used to verify that documentation is being completed correctly.

Procedure

KIPU client file rules:

1. Intake paperwork (including financial), shall be filled out and signed by both patient and staff, within 1 day of admission date
2. Psych intake is to be done within 10 days of admission date and signed by reviewer within 7 days of psychiatrist doing it (this will ensure clients see psych within 10 days of admission)
3. Initial treatment plans are to be signed by staff with 3 days of admission date and reviewed by Clinical Director within 4 days of therapist signing
4. Master Treatment Plan is be signed by patient within 3 days of transferring level of care, therapist to sign within 1 day of patient and clinical director to sign within 7 days of therapist.
5. Urinalyses and BA’s are to be signed by client within 1 day of form being opened and signed by staff present within 1 day of client signing
6. RTU’s are to be signed by therapist within 1 day of form being created and by CD within 7 days of staff signing
7. Intake documentation, medical services, urinalysis, case management, non-attendance (any service), family contact, family therapy, individual therapy, group therapy and discharge summaries, and family session notes: are to be signed within 1 day of the form being opened, and reviewed within 7 days of therapist signing them.
8. Orientation Packet must be signed by staff within 1 day of admission date, and documented in a live “Orientation Checklist” Google Doc (under private access, only accessible to staff, and always kept locked, behind at least two passwords (one to access the computer, another to access the “doc”):
   • If something is red it is overdue
   • If it is yellow it is due tomorrow
   • If it’s white it’s not in violation yet

Accurate, up-to-date individual attendance records:

1. Upon intake, patients shall be educated on the treatment processes and standards, expected at CMAR. This education shall include an explanation of our attendance process.
2. Attendance sheets shall be passed around at the beginning of each group. For all individual services, the patients “note” in KIPU shall also function as a “roster”.
3. At the end of group, the clinician will verify the number of attendees against the roster, making note of each absent patient. Total absences will be reported via email, at the end of the day by the clinical director (who will follow up, make a plan of action, and ultimately resolve any ongoing attendance issues.)
4. When submitting rosters for reimbursement, the billing staff at CMAR shall verify each submitted roster, against the KIPU system, to verify that a note has been completed. If it has not, we will not bill for the service until documentation is complete. We do not bill insurance for absent patients.
5. Patient documentation records shall remain stored behind two locks, in either physical or digital form (or both), available to authorized users for a minimum of 5 years.

Accurate, up-to-date individual payment records:

1. Patients shall understand (and have the right to choose whether or not to agree) to a transparent pricing system, whether the patient is a cash or insurance-pay patient. There are NO hidden fees at CMAR.
2. A patient (or fiduciary), and appropriate staff, shall both sign a document, outlining any specific financial agreements that have been made. This document shall be binding, and all parties shall adhere to it (subject to federal and state law.)
3. Patients (or fiduciary), shall be reminded of payments due, prior to the due date (by office manager). The Managing Partner shall ensure that each patient has a HIPAA protected financial file, separate and uniquely accessible to administrative staff (and the patient) only.
4. Patient financial records shall remain stored behind two locks, in either physical or digital form (or both), for a minimum of 2 years following patient discharge, and a maximum of 6 years.

Monitoring

1. The Clinical Director will monitor and hold all staff accountable to timely, accurate, and complete documentation.
2. The Human Resources Manager will conduct quarterly audits of all confidentiality agreements.
3. A receipt confirming that all employees have read this policy and procedure will be kept in employee files.

Confidentiality and Privacy

Purpose

It is the policy of CMAR to ensure that information and records pertaining to clients, in the course of persons visiting CMAR evaluating its program, or working with clients, are kept strictly confidential.

Procedure

1. Any and all visitors, employees and/or potential employees of CMAR are required to read, sign, and comply with this policy.
2. The content of conversations regarding clients and staff members is also confidential and is not to be discussed with individuals other that appropriate staff in regards to care and treatment.
3. All staff will read and sign the Employee Confidentiality Agreement outlining HIPPA compliant standards of client health information management.
4. After signature, the Confidentiality Agreement will be stored in the employee’s file with the Human Resources Manager.
5. Any violations of these policies are subject to progressive disciplinary action. Violations will be reported to governing bodies as required by state and federal regulations.

Monitoring

1. The Human Resources Manager will conduct quarterly audits of all confidentiality agreements.
2. A receipt confirming that all employees have read this policy and procedure will be kept in employee files.

Health Information

Purpose

It is the policy of CMAR to ensure that all health information is kept private by limiting the use of information to only what is needed to provide care, treatment, or services.

Procedure

1. All health information for all clients of CMAR is kept private. The only time any health information is released to anyone outside of CMAR is when a written consent (Release of Information or “ROI”) has been filled out and signed by the client. IM 02.01.01 EP 4
2. All staff members will be trained in CMAR’s privacy policy during new hire orientation. They will be trained on HIPPA and what is expected of them regarding client health information while they are staff at CMAR. IM 02.01.01 EP 2
3. All client health information is used strictly to better care for the client. Records of previous treatment centers, health information or other doctors may be requested to benefit the client’s treatment at CMAR only. IM 02.01.01 EP 3
4. All paper client charts are kept in the filing room and behind two locks. Authorized personnel (Such as the human resources representative and persons in the Clinical Department) are the only staff members that will have keys to access these files.
5. CMAR monitors compliance with information privacy by training all staff on HIPPA compliance. IM.02.01.01 EP5
6. All computers that have access to Kipu are kept in an office with a lock and the computer is password protected. Whenever the computer is not being used, the computer will be locked. Any time the employee is out of their office their office will be locked.
7. All staff computers will be backed up on an external hard drive once per week to ensure that if the computer crashes the information can still be available. IM 02.01.03 EP 2
8. All client health information will be kept on CMAR property for 7 years after the client discharges. After 7 years all information will be shredded. IM 02.01.03 EP 3
9. The only time that health information may be removed from the client file is to send it to an approved person, with written consent by client. IM 02.01.03 EP 4
10. CMAR protects against unauthorized access, use, and disclosure of health information by keeping all client health information behind two locks and password protecting it. IM 02.01.03 EP 5
11. CMAR protects health information against loss, damage, unauthorized access, unintentional change, and accidental destruction by backing up electronic files on password protected external hard drives and staff training on how to handle health information (both physical and electronic). IM.02.01.03 EP6
12. The organization controls against intentional destruction of health information by backing up electronic information, and having checklists for paper files. IM.02.01.03 EP7

Monitoring

1. All trainings will be documented in the employee’s file.
2. Staff Sign a “Confidentiality Agreement” upon hire.
3. All employee file’s will be audited quarterly by the HR Manager to ensure that all employees have received the proper training.
4. All client files will be audited quarterly by the Clinical Director and/or designee to ensure that no information was removed without authorized consent by the client. IM 02.01.03 EP 8

Telehealth

Purpose

It is the policy of CMAR to remove as many barriers to access of care as possible while preserving the program’s clinical excellence.

Procedure

1. It is the policy of CMAR to utilize Telehealth services as a last case intervention to support clients. Telehealth may be used when the client and/or practitioner are not able to meet in-person and the service still needs to be provided. Practitioners are to use their best professional judgement when deciding between the use of telehealth and in person services. Possible reasons telehealth may be provided are as follows
   • Weather issues
   • Unsafe travel
   • Emergency situations
   • Sickness and concern of spreading sickness
   • Travel
   • Pandemic
   • Community violence
2. When providing telehealth services it is the facilitators responsibility to ensure confidentiality to the best of their ability. Zoom and/or other HIPAA safe telehealth platforms may be utilized.
3. The session facilitator should remind begin the session by informing the client about the potential risks to one’s confidentiality when utilizing technology and telehealth services.

Monitoring

1. Clinical Director will be responsible for monitoring the programs use of telehealth.
2. All Telehealth sessions will be documented in KIPU and the reason telehealth was utilized instead of in-person session will be documented as well.
3. During regular chart auditing procedure – Clinical Director will review the use of telehealth.

Protecting Data Collected for Internal Research

Purpose

In an effort to consistently improve our services, we will collect patient data from the day they enter our care, for a minimum of five years . In order to ensure this longitudinal study is ethical, we will inform patients about the specific information we plan to track, and give them the option of whether to participate. Those who don’t participate will receive the exact same quality of treatment as those who do. We shall ensure the protection of data collected for research, by both ensuring it is protected in the same manner as other HIPAA protected data, and also by keeping the data anonymous.

Procedure

1. The “Research informed consent” form, once signed, allows CMAR to track patient data, in order to consistently improve our patient care. It will not track identifying information, but rather the patients’ demographic, medical and clinical data, as well as their feedback. Patients will not be asked for their names, address, identifying contact information, SS numbers, etc.
2. A patient may choose not to include any information, whether or not they feel that it could be revealing, at any time. That said, CMAR will not guarantee that we can undo or erase any previously collected data.
3. A patient may stop their participation at any time.
4. A patient may file a grievance, internally or externally at any time, should they feel that their information has not been protected, or has otherwise been misused.
   • Grievances should be made internally, to Cortland Mathers-Suter, Managing Director. He can be reached at (928) 277 7209. If you do not feel comfortable going to Cortland, please see reception to identify an alternative.
   • Grievances should be made externally, to the Colorado Office of Behavioral Health. They can be reached by Phone at: (303) 866-7400.

Monitoring

1. All errors will be documented in an incident report.
2. Incident Reports will be brought to the weekly management meeting for further review and possible action plan.
3. The Clinical Director or designee will review and check each client’s electronic file quarterly to ensure accuracy and completeness.
4. All new employees will be trained in this policy during orientation.
5. Documentation of this training will be placed in the employee’s employee file. All employee file’s will be audited quarterly by the HR Manager and/or designee to ensure completeness and accuracy.
6. The Clinical Director will be in charge of supervising all clinical staff.
7. The Medical Director will be in charge of supervising all medical staff.