Minnesota CAREWare Policies and Procedures Title: Client Confidentiality Standards and Requirements Issue Date: August 21, 2009 Revised: March 24, 2015 Purpose: The Ryan White Program requires client level data for reporting to HRSA and for Parts A, B and state HIV services grant management. In Minnesota, these data are collected in Minnesota CAREWare. The privacy and confidentiality of clients’ data must be protected by all users of the shared database during the process of collecting, sharing, and reporting required client level data. Policy: To promote confidentiality and security of client data, all users must follow federal HIPAA and State of Minnesota Data Practices Act standards when entering, sharing, and reporting client data. To ensure client privacy, Minnesota CAREWare provides that client demographic data are accessible only to provider agency staff who are registered users of the shared database. Client services and clinical data will be shared among providers only with clients’ permission via a signed Release of Information (ROI). Part A and B Grantee data analysts will have access to information sufficient to carry out payment, treatment, and operations as specified by HRSA, guided by HIPAA. Procedures: All users of Minnesota CAREWare are granted access only upon completion of annual privacy or HIPAA training that incorporates Minnesota Data Practices Act standards (see also “User Registration and Renewal”). Each contracted provider agency will demonstrate, during annual site visits, that it is in compliance with the “Universal Standards for Ryan White Service Providers” items related to Client Rights (Confidentiality, Release of Information, Client Bill of Rights) and Record Keeping (Separate Secure Files, Passwords and Backups, and File Access). Agencies will honor all client requests for documentation of what data was released, to whom, and on what date.