Confidentiality and Consent
CDC is reviewing this page to align with updated guidance.
Minimum professional standards for any agency handling confidential information should include providing employees with appropriate information and/or training regarding confidential guidelines and legal regulations. All public health staff involved in case investigation and contact tracing activities with access to such information should sign a confidentiality statement acknowledging the legal requirements not to disclose COVID-19 information. Efforts to locate and communicate with clients and close contacts must be carried out in a manner that preserves the confidentiality and privacy of all involved. This includes never revealing the name of the client to a close contact unless permission has been given (preferably in writing), and not giving confidential information to third parties (e.g., roommates, neighbors, family members).
Maintaining confidentiality during COVID-19 case investigations and contact tracing can be particularly difficult in congregate settings. Prior discussions with the client can generate solutions for safeguarding confidentiality. Onsite administrators/employers who already know confidential information regarding a client or contacts can be asked to respect confidentiality, even if they are not legally bound to do so.
Legal and ethical concerns for privacy and confidentiality extend beyond COVID-19. All personal information regarding any COVID-19 clients and contacts should be afforded the same protections. This includes any and all patient records. Data and security protocols should include recommendations for password-protected computer access, as well as locked, confidential storage cabinets and proper shredding and disposal of notes and other paper records. Protocols should include instructions for the protection of confidential data and confidential conversations in a working-from-home setting (e.g., make telephone or video-conferencing calls from private room to avoid the conversation being overheard). Approaches to ensuring confidentiality and data security should also be included in training of staff.