| Revision/Review Date | Board Approval Date | Effective Date |
|---|---|---|
| | | |
Policy
It is the policy of PIC that all consumer information, employee information and certain internal business affairs of PIC are confidential. Each employee has a continuing obligation to protect confidential information and may not disclose any information without written authorization unless required by law.
Practice
- The individuals and families we serve entrust PIC with important personal information. This includes any individually identifying information, whether oral or written, that can be used to identify the individual. The nature of this relationship requires maintenance of confidentiality and privacy practices. In safeguarding the information received, PIC earns their respect and further trust and operates in compliance with federal laws (HIPAA) and grant agreements.
- All PIC employees and Business Associates will sign and comply with our Confidentiality Agreement. All employees will receive training on confidentiality and privacy practices.
- Any violation of confidentiality seriously injures PIC’s reputation and effectiveness and could endanger our funding. Failure to protect private health information could result in fines to employees and/or the agency reaching $250,000 and possible imprisonment, per federal laws protecting individuals’ private health information.
- No employee can discuss PIC clients with anyone who does not work for PIC, nor with fellow employees who do not have a “need-to-know” for such information in order to conduct business or provide services.
- No employee can discuss individuals or families with anyone outside of the agency without a signed authorization to release information.
- Any employee who becomes aware of anyone breaking this trust must report the matter to management immediately.
- The following are practices employees must follow to ensure individuals’ rights to privacy, confidentiality and security of protected health information:
- Keep offices and work areas free of personally identifiable information (names, telephone numbers, addresses, social security numbers, Medicaid numbers, etc.) that can be seen by others without the “need-to-know”.
- Lock computers when away from the work area and position computer screens so that passersby cannot view work.
- When printing or faxing confidential consumer information, employees are required to attend to the printer or fax machine. Do not leave confidential information unattended on an agency printer or fax machine.
- Bulletin boards must remain free of personally identifiable information.
- Confidential information stored in offices must be in locked filing cabinets.
- Telephone and face-to-face conversations should not be conducted in a way that allows them to be overheard by others without the “need-to-know”.
- No one is permitted to remove or make copies of any PIC consumer/family or employee records, reports or documents for non-PIC-related purposes without prior management approval.
- PIC employees should only use devices registered to/from PIC. If using a privately owned device (laptop, tablet, smartphone), it must be approved by PIC and the employee must complete a “Bring Your Own Device” acknowledgement form and agree to the confidentiality measures.
- Information regarding policies, practices and financial or operational systems of PIC is confidential and may be released only by or with the explicit approval of an Executive Director.
- PIC complies with HIPAA confidentiality and privacy practices requirements.
- Ownership and User Privacy of E-Mail
- Use of electronic mail is part of PIC’s business processes. All e-mail originating within or received in PIC is the property of PIC.
- Confidentiality of Electronic Mail
- When e-mail is used for communication of individually identifiable health or other confidential information:
- A notation referring to the confidential nature of the information should be made in the subject line.
- The information is to be distributed only to those with a legitimate “need-to-know”.
- All emails containing client information or PHI should be encrypted.
Faxes
- Sending Faxes
- If information must be faxed, it must be accompanied by a fax cover page that specifies the addressee and sender and includes a confidentiality notice.
- Receiving Faxes
- In order to protect the confidentiality of consumers via documents received by fax, only PIC staff are authorized to remove information from the fax machine. Incoming documents will be removed promptly, senders will be notified of any problems and instructions noted on the cover page will be followed.
- De-identified Information
- PIC may choose to share information that has been “de-identified” with anyone, anytime, for any reason. Generally, this type of information is shared in the form of statistics for funding agents.
- The following identifiers of the consumer or guardian must be removed prior to sharing information: names, addresses, dates, telephone/fax numbers, internet addresses, social security numbers, medical record numbers, account numbers, photographs or fingerprints, and any other unique identifying number, characteristic or code. The only exception to this is personally identified information that is required as part of our funding agreements.
https://picak.sharepoint.com/:u:/r/hrgen/Forms/New%20Admin%20Hire%20Forms/Signature%20forms/Current%20BYOD%20form.url?csf=1&web=1&e=esS9b6
Texts
- When texting to or about clients/consumers, only agency approved devices should be used.
- Privately owned cell/smart phones should not be used to communicate with clients unless approved by PIC and a “Bring Your Own Device” (BYOD) agreement is in place.