Maintaining Client Confidentiality April 5, 2017

Training Goals Understand required practices on maintaining client confidentiality Understand required practices on maintaining case file confidentiality

Why does it matter? Maintaining client confidentiality is among the core principles of case service provision Figure 1: Puzzle board of the word trust. Adapted from Pixabay. Retrieved from https://pixabay.com/en/puzzle-trust-reliability-certainty-2515123/

Why does it matter? Safeguard client’s privacy and identity – sharing information without consent may cause harm to client and family A professional and contractual requirement Ensures trust is built between staff and client Figure 1: One figure helping another one over a wall. Adapted from Pixabay. Retrieved from https://pixabay.com/en/friends-trust-friendship-together-1015312/

What is confidential or private information? “Private Information” is defined as any information that is personal and discrete in nature and relates to IRC employees, donors, refugees or any other recipients of assistance from IRC. Medical records, Claims for refugee status Benefits information What else?  Client home address and home telephone number  Client date of birth  Government identification numbers, driving license number, social security number, alien number  Passport number and visa number  Income information  Direct financial assistance information  Medical information  Family, Cross-Reference, or US Tie information  Individual benefits and services

What information should be kept confidential? Your client’s friend has learned that your client has recently resettled in Wichita and would like to get in touch with him. What can you share? Cannot share information Figure 1: Confidential stamp. Adapted from Pixabay. Retrieved from https://pixabay.com/en/confidential-secret-private-font-264516/

What information should be kept confidential? A caseworker from a different agency states that client was enrolled in their training program. The caseworker would like to get an updated phone number for client. Cannot share information Figure 1: Confidential stamp. Adapted from Pixabay. Retrieved from https://pixabay.com/en/confidential-secret-private-font-264516/

What information should be kept confidential? A staff member at your client’s school is asking for the client’s SNAP card number, so that they may be enrolled in the Reduced/Free Lunch Program Cannot share information Figure 1: Confidential stamp. Adapted from Pixabay. Retrieved from https://pixabay.com/en/confidential-secret-private-font-264516/

What information should be kept confidential? The US tie for a client who has not yet arrived would like information on the client’s status. Can you share the information you see on the RPC Monthly Caseload report (i.e. client’s security check status)? Cannot Share Information Figure 1: Confidential stamp. Adapted from Pixabay. Retrieved from https://pixabay.com/en/confidential-secret-private-font-264516/

Confidentiality Requirements Never share/discuss clients’ sensitive data with others that are not permitted to view this information. Never discuss clients’ sensitive information in public or in an open space where others might overhear you. Please find a secure office or a secluded area to have these discussions with authorized staff members only. Always be vigilant in keeping sensitive data secure and confidential. Figure 1: Lock. Adapted from Pixabay. Retrieved from https://pixabay.com/en/cyber-security-security-lock-1915626/

IRC Policies on Confidentiality The IRC’s Client Confidentiality Policy The Client Release of Information Forms The IRC Way The IRC Client Confidentiality Policy can be found on RescueNet

The IRC Confidentiality Policy

Consent to Release Information Consent to Release Information Forms are translated in all client languages The specific “consent to release information form” needs to list the specific (names, titles, organizations) of the individuals who permitted to receive the information

The IRC Way Complaint Reporting Procedure •When an IRC worker has direct knowledge or information of a policy violation, you are required to inform his/her immediate supervisor as soon as possible. OR: •Supervisor’s Supervisor •Designated HR Representative •Most senior person in the location •The Integrity and Accountability Unit, the General Counsel or the Chief HR Officer What happens if you notice a situation where a confidentiality breach may have happened?

Who is accountable for ensuring confidentiality is maintained in your office? Figure 1: Man writing on a computer. Adapted from Pixabay. Retrieved from https://pixabay.com/en/blogging-blogger-office-business-3094201/

Case File Confidentiality File Security Figure 1: File cabinet. Adapted from Pixabay. Retrieved from https://pixabay.com/en/cabinet-data-file-icon-information-1293245/  

Case File Security – Fill in the blanks… Case files should: always be kept in a ______________ never be __________ from office never left ____________on desks Figure 1: Binders. Adapted from Pixabay. Retrieved from https://pixabay.com/en/ring-binders-aligned-organization-2654130/

Case File Security Case files should: always be kept in a secure location never be removed from office never left unattended on desks Figure 1: File Cabinet. Adapted from Pixabay. Retrieved from https://pixabay.com/en/cabinet-filing-filing-cabinet-2027625/

No references to unrelated individuals/cases File Documentation No references to unrelated individuals/cases Casefiles should not reference unrelated individuals/cases Email messages should never be included in files Casenotes for special medical cases should not include a client’s specific diagnosis Follow coding/RRS protocols for victims of trafficking and other high risk cases

File Documentation No email messages Casefiles should not reference unrelated individuals/cases Email messages should never be included in files Case notes for special medical cases should not include a client’s specific diagnosis Follow coding/RRS protocols for victims of trafficking and other high risk cases Figure 1: Email symbol. Adapted from Pixabay. Retrieved from https://pixabay.com/en/icons-symbols-letters-email-post-842848/

No specific diagnosis for special medical cases File Documentation No specific diagnosis for special medical cases Casefiles should not reference unrelated individuals/cases Email messages should never be included in files Case notes for special medical cases should not include a client’s specific diagnosis Follow coding/RRS protocols for victims of trafficking and other high risk cases Figure 1: Medical paperwork. Adapted from Pixabay. Retrieved from https://pixabay.com/en/report-helth-medical-doctor-tools-2704732/

Follow coding protocols for VOTs and other high risk cases File Documentation Follow coding protocols for VOTs and other high risk cases Casefiles should not reference unrelated individuals/cases Email messages should never be included in files Case notes for special medical cases should not include a client’s specific diagnosis Follow coding/RRS protocols for victims of trafficking and other high risk cases

File Documentation Electronic files must be treated with the same level of care as paper files Electronic files must be treated with the same level of care as paper files All electronic files and file-based databases should be stored in a secure folder on a network file server, if available Under no circumstances should such files be stored on a home PC or laptop that is removed from the office Employees should be mindful of IRC’s Network policy and follow protocols for safe computing Figure 1: Laptop. Adapted from Pixabay. Retrieved from https://pixabay.com/en/laptop-notebook-computer-black-158648/

Secure folder on a network file server File Documentation Secure folder on a network file server Electronic files must be treated with the same level of care as paper files All electronic files and file-based databases should be stored in a secure folder on a network file server, if available Under no circumstances should such files be stored on a home PC or laptop that is removed from the office Employees should be mindful of IRC’s Network policy and follow protocols for safe computing Figure 1: Lock. Adapted from Pixabay. Retrieved from https://pixabay.com/en/security-secure-locked-technology-2168233/

Never on a home PC or laptop that is removed from the office File Documentation Never on a home PC or laptop that is removed from the office Electronic files must be treated with the same level of care as paper files All electronic files and file-based databases should be stored in a secure folder on a network file server, if available Under no circumstances should such files be stored on a home PC or laptop that is removed from the office Employees should be mindful of IRC’s Network policy and follow protocols for safe computing Figure 1: Laptop with error sign. Adapted from Pixabay. Retrieved from https://pixabay.com/en/mistake-404-error-computer-website-3085712/

Follow IRC’s Network Policy & Protocols for safe computing File Documentation Follow IRC’s Network Policy & Protocols for safe computing Electronic files must be treated with the same level of care as paper files All electronic files and file-based databases should be stored in a secure folder on a network file server, if available Under no circumstances should such files be stored on a home PC or laptop that is removed from the office Employees should be mindful of IRC’s Network policy and follow protocols for safe computing

Case File Security https://pilotrescuenet.rescue.org/Utilities/Uploads/Handler/Uploader.ashx?area=composer&filename=USP+Information+Systems+Data+Security+and+Confidentiality+Guidelines.pdf&fileguid=e4fe5ea9-8763-4fe6-9143-fd233aceec16 Figure 1: Laptop with error sign. Adapted from Pixabay. Retrieved from https://pixabay.com/en/shredder-document-paper-shredder-311638/

Confidentiality Requirements Never leave your screen or open documents containing staff related sensitive data unattended, not even for a minute! Always lock your computer or log out of IRIS and ETO before walking away from your laptop or computer. Never leave printouts of sensitive data. In fact, we urge that you refrain from printing out sensitive data all together. If you must print out information, please make sure to remove any sensitive data that can connect the information to an individual. Example: reports in aggregates and not by client names. Always be vigilant in keeping sensitive data secure and confidential.

Questions? Figure 1: Question Marks. Adapted from Pixabay. Retrieved from https://pixabay.com/en/question-mark-note-duplicate-2110767/