Standards of Confidentiality and Information Sharing

Healthy Families Florida

Standards of Confidentiality and Information Sharing

I.  Release and Waivers

A.  Informed Consent

At the initial home visit with the participant/family, program staff should discuss with the participant/family the nature of the information that may be shared and with whom, and that any information shared with the Ounce of Prevention Fund/Healthy Families Florida and the Department of Children and Families will be only for the purpose of evaluation and determining the service needs of the family. The participant, who is the subject of the information, gives consent to share this information through a signed written release. Copies of all signed releases should be maintained in the participant file.

B.  Requirements of Release

Each release should include:

1.  The name of the person who is the subject of the information

2.  The name of the person, program, or agency sharing the information

3.  The name of the person, program, or agency with whom the information will be shared

4.  The reasons for sharing the information

5.  The kind of information that will be shared

6.  The signature of the person authorizing the exchange of information

7.  The date the release is signed

8.  A statement that the subject of the information has the right to revoke the release at any time

9.  An expiration date for the release (remember that even after completion of the program, information may continue to be shared for a specified amount of time for the purpose of program evaluation and the expiration date should include this time frame)

I.  Obstacles to Making Informed Consent

An informed consent is one in which the person possesses sufficient knowledge of the risks and benefits of the release of information and is capable of making a reasoned choice between alternatives. The following situations should be considered to ensure informed consent is not hindered.

A.  Legal incompetence – Authorizations for exchange of information must be signed by a legal guardian in cases where the subject of the information has been legally determined to be incompetent.

B.  Minors – Individuals under the age of 18 are considered minors and require the signature of a parent or guardian unless the individual is, or ever has been married or has been legally emancipated. Mothers under the age of 18 may still sign consent for services and authorize exchange of information regarding their child.

C.  Language and culture – A written release of information in a language not understood by the client is invalid. The release form should be presented in the individual’s native language. Many immigrants fear that the personal information they provide may put them or their families at risk of deportation. Whenever this is an issue, staff should explain that information is not given to the Immigration and Naturalization Services office.

II.  Protocols to ensure participant confidentiality

All staff should ensure that the confidentiality of the participant/family is preserved at all times. The procedures include, but are not limited to:

A.  Affidavit of understanding of confidentiality – The affidavit constitutes promises not to disclose participant information to any other person or agency unless specifically authorized in writing. These affidavits are written, signed and witnessed and kept in the staff’s personnel file.

B.  Phone protocol – All staff should be trained in how to answer phone calls requesting information on participants. A standard “I cannot confirm or deny that the person you are asking about is involved with our program. If you would like, leave your name and phone number and we will get back to you” can be used. This allows the staff time to check the participant’s file to verify if we have a release to share information with the caller/agency.

C.  Participant files – Any papers or files that may contain sensitive or identifying information should be kept in a secure place (locked file cabinet or desk drawer). When staff leave their desk or computer, files should be securely stored.

D.  Computer workstations - Computer workstations that have confidential information or access to confidential information must use the screen lock when staff are away from their desk. All electronic files containing confidential information saved on local workstations or server must be password protected.

E.  Management Information Systems (MIS) – All automated MIS should have established security systems that allow only authorized personnel access. Access to computers that are networked to the MIS should be limited as well as modem lines. A computer that has a modem should also be protected from unauthorized access. Passwords and software can assist in securing the data. Project staff are not allowed to share their passwords. MIS systems should include a method for updating passwords and eliminating access for any staff that leave.

F.  Mailing documents – When it is necessary to mail documents that include confidential information, the envelope containing the documents should be sent via registered or certified mail. The intended recipient should be notified the package is being mailed and the receipt of the package should be verified.

G.  Faxing – Documents with confidential information should be faxed only between secure fax machines and the recipient should be notified prior to sending. The recipient should stand by to receive the fax.

H.  Email – Confidential information should never be included in e-mail or through any social networking venue. If it is necessary to send confidential information via e-mail, the information should be placed in a password protected attachment. If it is necessary to communicate via a social networking venue, transactions should occur only through private messaging. Comments and/or communication should never be posted in such a way that it can be viewed by others.

I.  Disposal of documents - Once documents have exceeded the required timeframe for document retention, documents containing confidential information should be disposed of properly by mechanical shredding.

J.  Referrals among programs – When referring a participant to another program for services, project staff should inform the participant of the referral, obtain a Limited Authorization for Exchange of Information to be shared with the referral source and alert receiving program if confidential participant information accompanies the referral.

K.  Transfer of participants between Healthy Families programs – Prior to transferring a family to another Healthy Families program, project staff should obtain a signed release of information to share information with the receiving project. Once the receiving project has obtained a signed consent to participate in the program, the project may send a copy of the participant file via certified mail to the receiving project. All information except for information related to the following may be sent to the receiving project:

1.  Acquired Immune Deficiency Syndrome (AIDS),

2.  Human Immunodeficiency Virus (HIV),

3.  Tuberculosis (TB),

4.  Sexually transmitted diseases (STDs),

5.  Alcohol or substance abuse, and

6.  Mental health treatment Information.

Information related to these topics requires an additional release to be signed specific to this information.

My signature below indicates I have read the Standards of Confidentiality.

Staff Signature: ______Date: ______

Supervisor Signature: ______Date: ______