PROPOSED DRAFT Policy on Confidentiality of Protected Health Information to be inserted in the ACOE Accreditation Manuals in Chapter VI In the Public Interest, following the section on Confidentiality of Accreditation Reports
The manuals are published on the ACOE web site in the Accreditation Resources section.
Confidentiality of Protected Health Information
The Council shall enter into the ACOE form of Business Associate Agreement (“BAA”) with each accredited program that is a HIPAA Covered Entity, permitting the Council to receive Protected Health Information (“PHI”) from the program in the course of evaluating the program for accreditation. The ACOE adopts the following rules and guidelines related to PHI:
- It is the policy of the Council that PHI, which includes any information that could identify an individual as a patient of the facility seeking accreditation, may not be used by the Council for any purpose other than for evaluation of the program for accreditation.
- Applicants and accredited programs may not include any PHI in any correspondence or materials submitted to the ACOE, including but not limited to self-study materials. PHI that is included in any materials submitted to the Council will be destroyed. Programs may be required to resubmit materials if the originally submitted materials are destroyed because they contain PHI. The program is responsible for any resulting missed deadlines.
- Site visitors may be exposed to PHI during site visits to accredited programs, for example during a visit to a clinic where patients are receiving care. Site visitors may not take copies of any PHI with them from the site visit and must maintain the confidentiality of all PHI to which they are exposed during the site visit. PHI shall not be shared with any individuals other than Council members, site visitors and staff that have a need to know the information in order to fulfill their official duties in connection with evaluating the program for accreditation.
- All Council members, site visitors, and staff are required to sign a form certifying adherence to the Council’s policies on confidentiality of PHI, which is included in the “Certification of Adherence to Conflict of Interest and Confidentiality Policies By Members or Consultants of the Accreditation Council on Optometric Education.”
- All Council staff and volunteers must participate in ACOE HIPAA compliance training on an annual basis.
- It is the policy of the Council that individual site visitors will not sign separate confidentiality forms on site during a site visit. Confidentiality obligations exist between the Council – of which site visitors act as an agent for the limited purpose of conducting the site visit – and the program. These obligations are covered by these policies and the terms of the BAA or other confidentiality agreement entered into between the Council and the program, if any.