Out in the Sun

MNIS Employee Privacy Notice

MNIS is required by law to maintain the privacy of your confidential information (CI) and protected health information (PHI) and to provide you with a copy of this notice which describes our legal duties and privacy and security practices concerning confidential information (CI) and protected health information (PHI).

PROTECTED CONFIDENTIAL AND HEALTH INFORMATION (PHI)

 Confidential Information (CI) is generally information related to a person’s employment or association with MNIS that includes, but is not limited to:

  • Information indicating that you are employed by MNIS.

  • Demographic information (such as name, address or insurance status).

  • Unique numbers that may identify you, or the person you represent (such as Social Security number, phone number, date of birth or driver’s license number).

  • APS/CPS checks.

  • Results from criminal history background checks provided by an external company.

  • Information regarding the processing of payroll.

  • Applications.

  • Employee status reports.

  • Performance issues.

  • Any other types of information that may be an identifier.

It should be noted that MNIS has separate policies to handle concerns about a corrective action taken (see MNIS Personnel Policy 006.02 Grievance Procedure) or a performance evaluation (see MNIS Personnel Policy 003.02 Wage Increases and Performance Appraisals).

When confidential information is combined with health information it becomes Protected Health Information.

Protected Health Information (PHI) is generally information about a medical condition that include, but are not limited to:

  • Medical Treatment Records/status reports pertaining an employee’s health conditions;

  • Medical Treatment Records/status reports pertaining to the Family Medical Leave Act;

  • Any statement pertaining to communicable diseases as applicable for working in a CDD;

  • Release of information concerning infectious diseases;

  • Administration of health insurance benefits.

Please be advised that MNIS does not have to secure permission to disclose certain types of PHI based on applicable federal and state laws.  More information regarding permitted disclosures may be found in MNIS Personnel Policy 001.04.

EMPLOYEE RIGHTS

 MNIS recognizes that employees and/or personal representatives have the right to access and control health information and may:

  • Receive a MNIS Employee Privacy Notice.

  • Access and inspect a copy of employee’s paper or electronic health information that may be used to make decisions about employee treatment for as long as MNIS maintains this information in our records.

  • Request amendments to the contents of their records.

  • Receive confidential communication.

  • Request limitations on information shared.

  • Upon request, obtain a list of recipients who receive their protected health information.

  • Receive a copy of MNIS Employee Privacy Notice at the time of hire and/or by contacting the Area Director or Privacy Officer.

  • File a complaint regarding a violation of privacy.

  • Know how information is shared during disaster relief situations.

  • Choose what information is shared with named personal representatives.

In the event of a disaster (i.e. tornado, flood, etc.), MNIS provides lanyards to employees that contain identifying personal information which may include protected health information (PHI).  Data back-up protocol is explained in the MNIS Privacy and Security Manual-Administrative, Physical, and Technical Safeguards.

MNIS will not disclose any protected health information (PHI) without proper consent except as indicated above.   MNIS must follow the duties and practices as described in MNIS Personnel Policy 001.04 Privacy and Security of Employee Confidential Information and other applicable policies; and state and federal law. 

The process for accessing or amending a file record and to file a complaint regarding misinformation on, or misuse of, any health care documents or confidential documents is as follows:

  1. Contacting the Area Director of your program location. 

  2. If the employee prefers to contact the Privacy Officer, he/she may do so by obtaining the Privacy Officer’s phone number and/or email address either by viewing the posted contact information at the program location office and MNIS central office, or by requesting the information from the Area Director.

  3. The Area Director or the Privacy Officer will provide the requestor with the appropriate form specific to his/her request.

  4. The form must be completed and returned to either the Area Director or the Privacy Officer within the stated timelines.

  5. If necessary, the Area Director or the Privacy Officer will conduct an investigation of the request.

  6. If the Area Director is conducting the investigation he/she will notify the Chief Executive Officer and the Privacy Officer of the complaint.  Both will provide input or may decide to assume the investigative responsibilities.  If the Privacy Officer receives the request and is conducting the investigation, he/she will notify the area program’s Director and the Chief Executive Officer of the issue and the plan for investigation.

  7. Based on the findings of the investigation, the Privacy Officer, in conjunction with the Chief Executive Officer, shall take any action and develop a plan of handling the request.

  8. Within 20 days, the investigator of the request will inform the requestor of the outcome, in writing, of the investigation.

  9. If MNIS is unable to respond within the timeframes mentioned above, the time for responding may be extended one time for no longer than an additional 10 working days.

  10. The requestor must receive written notice of the intent to extend the timelines for response.

  11. The investigative summary will be filed in the designated record set.

  12. MNIS will provide a written response to all requests. In some circumstances MNIS is permitted to deny a request.

  13. At no time will a person who is the subject of a complaint be the same person in charge of investigating the complaint.

  14. In the event that the complaint is about the Privacy Officer, the complaint shall be handled by the Chief Executive Officer.

MNIS shall review, document and investigate every complaint that a person makes regarding use or disclosure of employee or CI/PHI.

In the event the employee requests copies of information, MNIS may impose a reasonable, cost based fee for processing the request.

Disagreement with the Response to the Request Access/Amend PHI or to file a Complaint

In the event an employee disagrees with the response from MNIS, he or she should file a complaint with the Privacy Officer. A copy of MNIS Complaint Form may be obtained from the local program location by contacting the Area Director or the Privacy Officer and by asking for a MNIS Complaint Form.  The statement of disagreement must be limited to the two-page single sided MNIS Complaint Form. The form must be filed within 60 days of the response from MNIS with the Privacy Officer at MNIS’ Central Office. The Privacy Officer will render a final decision regarding the issue.

Specific to Complaints Regarding the Handling of Protected Health Information

A complaint may be filed with the U.S. Department of Health and Human Services Office for Civil Rights.  No retaliation will be made against anyone who chooses to file a complaint in this manner.  Contact information is:

US-DHHS
200 Independence Avenue, S.W.
Washington D.C. 202011-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints/

Out in the Sun