Data Privacy and Privacy of Protected Health Information/HIPAA

It is the policy of Mains’l to safeguard and protect the privacy of protected health information it creates, acquires, or maintains in accordance with the Privacy Regulations of the Health Insurance Portability and Accountability Act (HIPAA) and other applicable state laws. Mains’l employees and individuals receiving services receive the “Notice of Privacy Practices” which explains the use and disclosure of Protected Health Information as well as the individual’s rights to that information. The Privacy Official for Mains’l is the National Director of Human Resources. Individuals may file a privacy complaint with the Mains’l Privacy Official, or the Secretary of Health and Human Services. Mains’l does not retaliate or take any adverse action against any person who files a complaint.

Mains'l policy regarding access, release and duplication of information pertaining to persons receiving service is in accordance with federal and state statutes regarding data privacy, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the definition of political subdivisions which include corporations that provide social services "under contract to any political subdivision, statewide system, or state agency".

Mains’l employees are allowed to share information with the following persons or entities without a release:

• Individual receiving service;
• Authorized Representative/Managing Party;
• Parent/guardian of individual under age of 18;
• Legal guardian of individual 18 years or older;
• Mains'l personnel and consultants on a need-to-know basis;
• Representatives of responsible federal, state and county agencies; i.e. case managers, licensers, DHS investigators.

The person receiving services and/or their legal representative may have access to all written records regarding the person.

Confidentiality of Data

Only data/ information needed to make a determination of eligibility for service is requested of applicants. Only data necessary for provision of service is generated and retained for persons receiving service from Mains'l. All such confidential data is responsibly stored in a person’s file at all times. Only those persons identified above are allowed access. The files are not allowed to leave the corporate office without written permission of the senior manager or director.

No Mains'l personnel shares or releases any confidential information regarding a person receiving service to any unauthorized person/agency without adherence to the procedure regarding access. No written correspondence or documentation regarding a person receiving service should reference the full name of other persons receiving service.

Access to Outside Persons/Agencies

No personal data or information, including pictures, is shared with or released to outside persons/agencies unless authorization is obtained from the person receiving service or their legal representative as outlined in Mains'l procedure regarding release of information (see Procedure: Data Privacy). This includes legal advocates, volunteers, and interns. 

Information pertaining to a person receiving service from Mains'l may be released to responsible federal, state and county agencies without authorization.