Notice of Privacy Practices

The privacy of health information maintained by this agency is protected by Federal laws and regulations.

Confidential protected health information of all past or present clients of The Rubicon is maintained under state laws 254A.09 and 148F.135, and federal laws governing the Confidentiality of Alcohol and Drug Abuse Patient Records and its implementing regulations, 42 C.F.R. Part 2, and by the Health Insurance Portability and Accountability Act, 45 C.F.R. Parts 160 and 164.

Program staff shall not convey to a person outside the program that a client attends or receives services from the program or disclose any information identifying a client as an alcohol or other drug or mental health services client unless the client consents in writing for the release of information, the disclosure is allowed by a court order, or the disclosure is made to qualified personnel for a medical emergency, research, audit or program evaluation purposes.

Any health information, either oral or written, that identifies an individual, either directly or indirectly whether the individual is a current or former client, either living or deceased is protected health information and is covered by this policy. Protected health information will not be used or disclosed except as permitted or required by law.

This policy applies to anyone who has access to patient records including treatment staff, administrative staff, secretaries, researchers, auditors or others and continues even after they have terminated their relationship with The Rubicon.

With regard to legal requests for confidential information of substance use disorder treatment recipients, a subpoena is not sufficient to compel the release of such records. Only a court order signed by a judge can service that action.


Identifying information and other confidential information related to substance misuse or substance use disorder information, assessment, treatment, or aftercare services may be ordered to be released by the court for the purpose of civil or criminal investigations or proceedings if, after review of the records considered for disclosure, the court determines that the information is relevant to the purpose for which disclosure is requested. The court shall order disclosure of only that information which is determined relevant. In determining whether to compel disclosure, the court shall weigh the public interest and the need for disclosure against the injury to the patient, to the treatment relationship in the program affected and in other programs similarly situated, and the actual or potential harm to the ability of programs to attract and retain patients if disclosure occurs.

This agency Notice of Privacy Practices is posted in the program lobby, offered to each client at the time of intake and is available upon request at any time throughout the treatment process

The Rubicon has created the following policies and procedures to ensure compliance with the aforementioned governing laws and regulations:

1. Medical Records Storage

a. The Rubicon uses an EHR (Electronic Health Records) program to store all client data and information

i. Staff will have their own login and passwords which will not be shared with anyone else
ii. Staff will not save their passwords on the site to ensure safety of client information
iii. Each client will have a client number which is generated from the system at the time of intake

b. If there are paper versions of The Rubicon medical records must be stored in a safe and secure location. This location must be secure (behind two locks) to prevent unauthorized people from viewing the records

2. Medical Records Access and Storage

a. All documents are to be uploaded into the EHR
b. Once uploaded and verified in the system paper documents are to be shredded and placed in a secure shred-bin.
c. All Directors and Clinical Supervisors are to have access to all client’s records
d. Staff are only to access client’s charts and medical records if it is required by their job, and only the minimum necessary information to perform their job function.
e. All staff are to only access their client’s charts on their caseloads.
f. The EHR system tracks and records the navigation for each employee.
g. The Rubicon will audit employees randomly to ensure compliance.
h. Documents should not be copied or printed unless necessary as part of the care process, or as required by agreement between The Rubicon, DHS, insurance companies, ROIs or the client.
i. Documents should only be given to parties for which the client has signed an authorization to disclose information.

3. Transportation of Medical Records

a. To ensure all documents are enclosed and out of the view of others, documents transported in a vehicle must be in a closed and locked container.
b. Documents are to be stored in the trunk of the vehicle.
c. If no trunk the back of the vehicle out of view of others.
d. Documents are to be double locked for security purposes.

4. Requirements

a. The Rubicon will hold all records for a minimum of 7 (Seven) years.
b. All documents are protected in the EHR system against tampering, loss and unauthorized disclosure to someone who does not need access to the client’s record.
c. Records are stored in a safe and confidential location.



Subdivision 1.Client right to access and release private information. A client has the right to access and release private information maintained by the provider, including client records as provided in sections 144.291 to 144.298, relating to the provider’s counseling services to that client, except as otherwise provided by law or court order.

Subdivision 2.Release of private information. (a) When a client makes a request for the provider to release the client’s private information, the request must be in writing and signed by the client. Informed consent is not required. When the request involves the client records, all pertinent information shall be released in compliance with sections 144.291 to 144.298.

(b) If the provider initiates the request to release the client’s private information, written authorization for the release of information must be obtained from the client and must include at a minimum:

(1) the name of the client;
(2) the name of the individual or entity providing the information;
(3) the name of the individual or entity to which the release is made;
(4) the types of information to be released, such as progress notes, diagnoses, assessment data, or other specific information;
(5) the purpose of the release, such as whether the release is to coordinate professional care with another provider, to obtain insurance payment for services, or for other specified purposes;
(6) the time period covered by the consent;
(7) a statement that the consent is valid for one year, except as otherwise allowed by statute, or for a lesser period that is specified in the consent;
(8) a declaration that the individual signing the statement has been told of and understand the nature and purpose of the authorized release;
(9) a statement that the consent may be rescinded, except to the extent that the consent has already been acted upon or that the right to rescind consent has been waived separately in writing;
(10) the signature of the client of the client’s legally authorized representative, whose relationship to the client must be stated; and
(11) the date on which the consent is signed.

Subdivision 3.Group client records. Whenever counseling services are provided to group clients, each client has the right to access or release only that information in the records that the client has provided directly or has authorized other sources to provide, unless otherwise directed by law or court order. Upon a request by one client to access or release group client records, that information in the records that has not been provided directly or by authorization of the requesting client must be reached unless written authorization to disclose this information has been obtained from the other clients.

Subdivision 4.Board investigation. The board shall be allowed access to any records of a client provided services by an applicant or license who is under investigation. If the client has not signed a consent permitting access to the client’s records, the applicant or license must delete any data that identifies the client before providing them to the board. The board shall maintain any records as investigative data pursuant to chapter 13.

For further information about The Rubicon’s Privacy Policies & Practices, please contact our Treatment Director, John Newman at (612) 374-0495, or via email at

7250 Metro Blvd. Suite 100 Edina, MN 55439 * * 612-200-9870

Are you ready to cross your Rubicon?