Part 6: Privacy and confidentiality
Client privacy and confidentiality are standards of care that are critical to the success of this program. Confidential information includes any material that identifies or can readily be associated with the identity of a person and is directly related to his/her HIV status, risk behavior, and/or health care (whether oral or recorded in any form or medium).
Minimum professional standards for any agency handling confidential information should include providing employees with appropriate information regarding confidentiality guidelines and legal regulations. Agencies should develop and maintain procedures to protect the privacy and confidentiality of all clients, including ensuring the security of all client records.
“Filling out documentation in front of people so they can see what you’re doing is important. Also, when you go into a locked filing cabinet, people can see that the information is secure.”
Any agency planning to use the social networks strategy should describe procedures for protecting the privacy and confidentiality of clients and ensuring the security of all client records. These procedures must comply with the information security requirements in the local area. In addition, procedures should include, but not be limited to, the following:
- All staff with access to confidential information should sign a confidentiality statement acknowledging the legal requirements not to disclose HIV information.
- All services, whether in the office or clinic or in the field, should be provided in spaces that maintain the client’s privacy.
- Efforts to contact and communicate with clients, network associates, partners, and spouses should be carried out in a manner that preserves the confidentiality and privacy of all involved.
- Client records should be kept in a locked office or file room when not being used to provide services.
- Access to client records should be limited to designated staff in the organization.
- When records are being used outside of the room designated for file storage, they should not be left visible or accessible to unauthorized persons.
- Databases containing electronic client records should be password-protected and should never be left open and visible on unattended computers.
- Computers with access to electronic client records should be kept in locked offices.
- Client information should not be released to other persons, agencies, or organizations without written informed consent from the client (or her or his legally designated representative).
- Policies and procedures regarding release of client information to other persons, agencies, or organizations must comply with all applicable requirements related to the Health Information Portability Privacy Act (HIPAA).