Privacy and confidentiality
Fallon Health’s Confidentiality Policy protects the confidentiality of member information and records. Relevant elements of our policy are:
- We recognize that Fallon Health (Fallon) creates, collects, maintains and processes sensitive and confidential information about members, employees, practitioners, and other providers and about business and administrative functions.
- We require that Fallon’s contracted providers ensure that special security, as required, will be provided for sensitive, high-risk records (as defined in the Privacy Act of 1974, which lists protected diagnoses).
- Fallon and Fallon contracted providers must have policies for obtaining consents from those members who lack the ability to give informed consent.
- Fallon contracted providers must ensure that members have timely access to their records with the appropriate written release signed by the member.
- Confidential information will be protected from access by unauthorized individuals.
- Any data shared with non-plan entities, especially employers, must not be member-identifiable, either explicitly or implicitly, unless specific consent to such data sharing is obtained from the member.
- Members must have the opportunity to understand and give permission if identifiable information is to be shared with their employers, whether fully insured or self-insured. Fallon contracted providers must have and adhere to policies/procedures for obtaining member consent to release information to a member’s employer.
- Access to areas where confidential information may be discussed (e.g., patient treatment areas) will be limited to only those staff whose presence is required for a legitimate purpose.
- Only the member or the authorized representative of the member will be able to access the member’s medical information or discuss the member’s care.
- Confidential information obtained in the Quality Management peer review activities are to be housed within a secure area of the department, protected from disclosure.