51.45—Confidentiality of protection and advocacy system records.
(a)
Records maintained by the P&A system are the property of the P&A system which must protect them from loss, damage, tampering or use by unauthorized individuals. The P&A system must:
(1)
Except as provided elsewhere in this section, keep confidential all records and information, including information contained in any automated electronic database pertaining to:
(i)
Clients to the same extent as is required under Federal or State laws for a provider of mental health services;
(ii)
Individuals who have been provided general information or technical assistance on a particular matter;
(iii)
Identity of individuals who report incidents of abuse or neglect or furnish information that forms the basis for a determination that probable cause exists; and
(2)
Have written policies governing access to, storage of, duplication and release of information from client records; and
(3)
Obtain written consent from the client, if competent, or from his or her legal representative, from individuals who have been provided general information or technical assistance on a particular matter and from individuals who furnish reports or information that forms the basis for a determination of probable cause, before releasing information to individuals not otherwise authorized to receive it.
(b)
Nothing in this subpart shall prevent the P&A system from. (1) Issuing a public report of the results of an investigation which maintains the confidentiality of the individuals listed in paragraph (a)(1) of this section or,
(2)
Reporting the results of an investigation which maintains the confidentiality of individual service recipients to responsible investigative or enforcement agencies should an investigation reveal information concerning the facility, its staff, or employees warranting possible sanctions or corrective action. this information may be reported to agencies responsible for facility licensing or accreditation, employee discipline, employee licensing or certification, or criminal prosecution.
(c)
For purposes of any periodic audit, report, or evaluation of the performance of the P&A system, the Secretary shall not require the P&A system to disclose the identity, or any other personally identifiable information, of any individual requesting assistance under a program. This requirement does not restrict access by the Department or other authorized Federal or State officials to client records or other records of the P&A system when deemed necessary for audit purposes and for monitoring P&A system compliance with applicable Federal or State laws and regulations. The purpose of obtaining such information is solely to determine that P&A systems are spending their grant funds awarded under the Act on serving individuals with mental illness. Officials that have access to such information must keep it confidential to the maximum extent permitted by law and regulations. If photostatic copies of materials are provided, then the destruction of such evidence is required once such reviews have been completed.
(d)
Subject to the restrictions and procedures set out in this section, implementing section 106 (a) and (b) of the Act (42 U.S.C. 10806 (a) and (b)), this part does not limit access by a legal guardian, conservator, or other legal representative of an individual with mental illness, unless prohibited by State or Federal law, court order or the attorney-client privilege.