CBA activities are subject to confidentiality and privacy regulations. All information generated as a result of CBA activities is strictly confidential and is accessed only by those authorized personnel within the scope of their job duties. All relative information is kept in locked files and secured computer systems.
CBA will follow corporate guidelines to comply with the Health Insurance Portability and Accountability Act (HIPAA). The scope of CBA’s activities is primarily related to payment and health care operations as defined in HIPAA. As such, all authorizations, medical records and other correspondence will be maintained in such a manner as to protect the privacy of individuals’ personal health information. Documentation from utilization review services shall be made available to appropriate personnel only in accordance with company policy and state and federal law.
In addition, CBA complies with the federal regulation [42 CFR Part 2.32] prohibiting exchange of clinical information on substance abuse records to anyone without express consent of the patient. CBA also applies this policy to protected health information for mental health diagnoses.