I.STATEMENT OF PURPOSE
In order to clarify and make specific the policy regarding confidentiality as regards data and information obtained in whatever context or format the following statements relating to protection of privacy and confidentiality are herein enunciated as Board policy and procedure. The District recognizes its responsibilities under the Kentucky Open Records/Open Meetings laws as well as the Freedom of Information Act, and finds compliance with these laws not in conflict with this Confidentiality Policy.
It is the policy of the District that all board and staff functions and responsibilities are to be carried out in such a manner so as to assure that every individual's, every corporate entity's, and every unit of government's right to privacy be protected. Further, it is the policy of the District that data and information relating to individuals, whether program client or participant, corporate entity(ies), and unit(s) of government be obtained, utilized and maintained with assurance of the strictest confidentiality.
It is understood that the District is required to obtain a broad range of data and information relating to individuals, corporate entities, and/or units of government for purposes of area planning and program and project implementation. It is also understood that the District must often obtain detailed personal information on an individual, or proprietary information on corporate entities, and unit(s) of government as may be required to establish their respective eligibility for participation in assistance programs and projects.
Pursuant to this policy all information gathering, use, and maintenance for planning purposes and/or for program and project implementation purposes shall conform to the following procedures:
RE : Personal and proprietary data and information
1.Data and information relating to individuals, entities, or units of government may be obtained only by the authorization of the individual, or his/her guardian, officials or other designated person directly associated with an entity, and the appropriate elected or appointed officials of a unit of government. Such data and information may be obtained only by person(s) specifically authorized to do so.
2.Only that personal and/or proprietary information specifically required and for the development or managment of a program or project shall be obtained from any individual, entity, or unit of government requesting services of the District.
3.Any and all personal and/or proprietary information generated as authorized by an individual, an entity, and/or unit of government shall be used or disseminated only after a written release to do so is granted by the individual, entity, or unit of government.
4.Any and all personal health information as protected by the Health Insurance Portability and Accountability Act of 1996.
RE: All data and information
5.All data and information developed and/or generated by the District is proprietary; diligence and care commensurate with the nature of specific data, information, or related policy issue shall be exercised by board and staff including the enforcement of appropriate security measures, as warranted.
6.Dissemination of data and information and commentary on same or related policy issue for any purpose including response to media inquiries is restricted solely to the chairperson of the Board, the Executive Director, the Program Director and others by specific delegation.
I have been provided a copy of the Big Sandy ADD's Confidentiality Policy. I
have studied this policy, understand it, and agree that my participation as a
member of the Board of Directors, or as a committee member, or as an
employee, or as a volunteer, or as a work-training program participant with the
District is conditioned upon my compliance with the elements of this policy. I
also understand the provisions of the law regarding Personal Health
Information (PHI) privacy and the Health Insurance Portability & Accountability
Act of 1996, and will comply with this law.