Select Page

APN Connection Privacy Policy

Policy Area


Referring Rule:

Records of Care, Treatment and Services

Individual Health Records

2 CCR 502-1; 21.170.2-4



Title of Policy:

Effective Date:

Last Modified:

Confidentiality, Consent, and Release of Records of care

February 2020

August 2020



To effectively maintain the integrity of records of care and ensure responsibility of compliance efforts to meet CO OBH and TJC standards.

Privacy Policy


APN will at all times maintain the confidentiality of the individual record, including all medical, mental health, substance use, psychological and demographic information in accordance with all applicable state and federal laws and regulations. APN will maintain compliance with Federal Confidentiality Law 42 CFR Part 2 and the Health Insurance Portability and Accountability Act (HIPAA)

The information in this section shall not be construed to limit the access of duly authorized representatives of CO OBH and TJC to confidential material for purposes of assuring compliance with these rules. Such duly authorized representatives of CO OBH and TJC are obligated to protect the confidentiality of any individual information reviewed.


The following apply to all individuals served at APN:

  1. A written agreement shall be executed between APN and the individual or the individual’s legal representative at the time of admission. The parties may amend the agreement provided such amendment is evidenced by the written consent of both parties. No agreement shall be construed to relieve the organization of any requirement or obligation imposed by law or regulation.
  2. Individual consents shall include consent to treatment.
  3. Services shall involve families and significant others with written individual consent, unless clinically contraindicated.

Release of Information

APN will comply with release of information regulations per 42 CFR Part 2 and the Health Insurance Portability and Accountability Act (HIPAA); no amendments or later editions are incorporated

The signed release of information shall state, at a minimum:

  1. Persons who shall receive the information;
  2. For what purpose;
  3. The information to be released;
  4. That it may be revoked by the individual, parent, or legal guardian at any time;
  5. That the release of information shall be time limited up to two (2) years, unless deemed otherwise.

Records shall be released to the staff of the governor’s designated Protection and Advocacy System for Individuals with Mental Illness, per Section 27-65-121(1)(i), C.R.S., under the following guidelines for all records of:

  1. Any individual who is an individual of the system or the legal guardian, conservator, or other legal representative of such individual has authorized the system to have access;
  2. Any individual with a mental health disorder, who has a legal guardian, conservator, or other legal representative, with respect to whom a complaint has been received by the system or with respect to whom there is probable cause to believe the health or safety of the individual is in serious and immediate jeopardy, whenever:
    1. Such representative has been contacted by such system upon receipt of the name and address of such representative;
    2. Such system has offered assistance to such representative to resolve the situation;
    3. Such representative has failed or refused to act on behalf of the individual.
  3. Whenever a family member or other party requesting information, not including the agency, requests that information revealed to treating personnel remain confidential, such information shall not be released unless otherwise provided by law or court order.
    1. Whenever confidential information provided by a family member or other party providing information is ordered released, attempts shall be made to notify the family member or informant of the release of information by the individual who has obtained the court order.
    2. The fact that confidential information is being withheld may be disclosed to individuals requesting the information, but if the individual’s attorney has requested the information, the fact that confidential information is being withheld shall be disclosed.


APN operates with the following procedures regarding the individual served’s record of care:

  1. All Clients’ records are the property of All Points North Lodge.
  2. Information within the record will be managed in accordance with federal and state confidentiality guidelines, as well as federal HIPAA policy.
  3. The Client owns the information documented in the record and may exercise control over the release of that information, except as outlined in these guidelines.
  4. The Client will be requested to authorize release of information to specified individuals and agencies who are not a part of All Points North Lodge but need information to provide services on behalf of the Client, such as, medical, pharmacological, psychological educational, legal insurance, or administrative services.
  5. Consent forms to release information will contain the following data which meets federal regulations:
    1. Name of program making the disclosure.
    2. Name of individual or organization to receive the information.
    3. Name of person who is the subject of the disclosure.
    4. Purpose for the disclosure.
    5. Extent or nature of information disclosed.
    6. Statement that the person may revoke the consent at any time.
    7. Date the consent expires.
    8. Signature of person and witness.
    9. Date the consent is signed.
  6. Consent forms will be maintained in the Client’s record.
  7. Information received from an outside source will be managed in accordance with this policy.
  8. Information not governed by confidentiality rules includes imminent danger of Client to self/others, medical emergency (limited disclosure to meet the needs of the emergency) child abuse and crimes committed on the facility property.

When records are disclosed, the disclosure shall be accompanied by a written statement which reads:

“This information has been disclosed to you from records whose confidentiality is protected by Federal Law. Federal Regulation (42CFR, Part 2) prohibits you from making any further disclosure of it without the specific written consent of their person to whom it pertains, or as authorization of the release of medical or other information is not sufficient for this purpose.”

  1. Information disclosed shall always be limited to that information relevant and necessary to the purpose for which the information is sought.
  2. Confidential information released through the mail will be sealed and stamped CONFIDENTIAL, FOR PROFESSIONAL USE ONLY.
  3. Confidential information disclosed verbally will be treated with the same respect as written information.
  4. Consent for the release of information concerning follow-up surveys will be completed on admission.
  5. Individuals, other than employees but including students and volunteers, who have access to confidential information who fail to comply with the policy shall be denied access to confidential information by the facility.
  6. Access to records shall include the provisions located within the Code of Colorado Regulations, Behavioral Health, relating to items 21.170.3. C-D. This addresses the governor’s designated staff access and restrictions as outlined in the Protection and Advocacy System for Individuals with Mental Illness (section 27-65-121(1)(i), CRS.
  7. Original & printed Client records may be removed from the facility premises only under the following conditions:
    1. In accordance with a subpoena to produce document or object or other order of the court or when Client records are needed for district court hearings held in accordance with any Colorado General Statutes;
    2. Whenever Client records are needed for treatment/habilitation or audit purposes, records may be transported within an area facility or between state facilities;
    3. In situations where the facility determines it is not feasible or practical to copy the Client record or portions thereof, Client records may be securely transported to a local health care provider, provided the record remains in the custody of a delegated employee;
    4. Whenever a Client expires at an area or state facility and an autopsy is to be conducted, the Client record may be transported to the agency wherein the autopsy will be performed provided the agency complies with Colorado General Statutes.
    5. Safety-related evacuation drill or circumstance.
  8.  In the event of a breach of confidential information, or loss of identity or service information
    1. Employee discovering the breach shall complete a Risk Incident Report (use client ID # only) the event of a breach of confidential information, or loss of identity or service information:
    2. An investigation into the causes and consequences will be conducted by the Chief Operating Officer or designee.
    3. Notification to the affected parties will occur within the constraints of federal and state confidentiality law and regulation.
    4. A corrective action plan will be implemented and monitored in accordance with the QA and PI process.