Privacy and confidentiality

Fallon Health’s Confidentiality Policy protects the confidentiality of member information and records. Relevant elements of our policy are:

  1. We recognize that Fallon Health (Fallon) creates, collects, maintains and processes sensitive and confidential information about members, employees, practitioners, and other providers and about business and administrative functions.
  2. We require that Fallon’s contracted providers ensure that special security, as required, will be provided for sensitive, high-risk records (as defined in the Privacy Act of 1974, which lists protected diagnoses).
  3. Fallon and Fallon contracted providers must have policies for obtaining consents from those members who lack the ability to give informed consent.
  4. Fallon contracted providers must ensure that members have timely access to their records with the appropriate written release signed by the member.
  5. Confidential information will be protected from access by unauthorized individuals.
  6. Any data shared with non-plan entities, especially employers, must not be member-identifiable, either explicitly or implicitly, unless specific consent to such data sharing is obtained from the member.
  7. Members must have the opportunity to understand and give permission if identifiable information is to be shared with their employers, whether fully insured or self-insured. Fallon contracted providers must have and adhere to policies/procedures for obtaining member consent to release information to a member’s employer.
  8. Access to areas where confidential information may be discussed (e.g., patient treatment areas) will be limited to only those staff whose presence is required for a legitimate purpose.
  9. Only the member or the authorized representative of the member will be able to access the member’s medical information or discuss the member’s care.
  10. Confidential information obtained in the Quality Management peer review activities are to be housed within a secure area of the department, protected from disclosure.

Return to the Provider Manual table of contents