Privacy, Records, HMIS - IHCDA Policies

1 post / 0 new
Elaine
Elaine's picture
Privacy, Records, HMIS - IHCDA Policies
Records of Residents/Clients of the New Hope Family Shelter

Ownership of Records: All facility and case management records are property of New Hope Family Shelter, Inc. Original records are never to be released except by the Executive Director or Director of Client Services or their directors when required by law. New Hope Family Shelter shall keep physical records for at least five (5) years after last contact with resident.

Conditions of Release of Information:  Information from resident/client records may not be released except (a) with authorization of the resident/client or (b) when a resident/client has committed a crime on New Hope Shelter property or against a staff person conducting New Hope Shelter business or (c) where required by law (including regulation governing child and adult protection), or (d) where there is concern that the resident or someone known by the resident is in life threatening danger.

Right of Resident/Client to Inspect Case Management Record - The resident/client may inspect the original record of their interactions with case management services (or an exact copy of the same, at the discretion of New Hope Shelter in the presence  of their case manager or other individual designated by the Director of Client Services or the Executive Director.
 
Resident/Client's Right to a Copy of Case Management Records - The resident/client may receive a copy of the case management file within a reasonable time, with authorization by Executive Director.

Internal Uses of Information - Information may be shared among NEW HOPE SHELTER staff, or volunteers for bona fide purposes including, but not limited to, the coordination of services, maintaining a consistent approach to certain clients and case review. No authorization by the resident/client is required. Information shared for purposes of "gossip “or shared in a public place where clients or outside persons are within hearing distance is not appropriate.  The Executive director and management staff are the only persons authorized to access information from a resident file. Resident files should not be removed from the building.

Third-Party Observation - Interviews may be observed by a third party (such as a student) only with the knowledge and consent of the client, and with the understanding that any information obtained will remain confidential. The third party must have a signed confidentiality agreement on file at New Hope Family Shelter.

Use of Anecdotal Information - Where information is used for education purposes, identifying information shall be omitted or altered to protect the identity of the individual.

Media Requests for Information - All requests from the media for information are to be referred to the Executive Director or highest-ranking staff person present.

Police and Other Visitors - All visitors are required to check in with the shelter staff before proceeding with any other activities. It is important that we maintain this procedure consistently with all visitors.
 
  1. All visitors must be preapproved by the executive director in advance.
  2. If the police are seeking an individual, but do not have a warrant or court order, we are obliged to treat them as we would any other visitor seeking a client. With their permission, we will call out the client's name and see if the individual responds. Neither the police nor anyone else shall be allowed to search or otherwise wander the building without an authorized purpose. (Such purposes may include, but are not limited to, a search based upon a warrant or tours given for educational or community relations purposes.) You may offer to take a message for a visitor to be posted in case the person they are looking for does come in the building.
Governmental Authorities - Information contained in the client's record shall be disclosed to government authorities only when required by law. If such authorities have a subpoena, court order or warrant, these will be honored. A subpoena does not require immediate release of information. The highest ranking available staff person should handle any such situations. A copy of the warrant or court order should be retained whenever possible. While New Hope Family Shelter legally may allow a client with an outstanding warrant to use the Center in a normal manner, we are required to cooperate with government authorities in verifying whether the resident/client is/was in, upon request and with evidence of the warrant or court order.

POLICY – Data Security & Reporting
 
New Hope Family Shelter's goal is to ensure the safety of all confidential material within the agency.  If confidential or sensitive information is lost, disclosed to unauthorized parties, or suspected of being lost or disclosed to unauthorized parties, both the information owner and Chief Executive Officer (“CEO”) must be notified immediately.
 
PROCEDURE
 
  1. Employees must report to the Executive Director and their immediate coordinator: (a) all losses or disclosures of confidential or sensitive information, (b) all information security violations and problems, (c) all suspected information security problems, vulnerabilities, and incidents, (d) any damage to or loss of New Hope Family Shelter computer hardware, software, or information that has been entrusted to their care.
 
  1. Any attempt to interfere with, prevent, obstruct, or dissuade an employee in their efforts to report a suspected information security problem or violation is strictly prohibited and cause for disciplinary action up to and including termination. Any form of retaliation against an individual reporting or investigating information security problems or violations is also prohibited and cause for disciplinary action up to and including termination.
 
  1. New Hope Family Shelter will not retaliate against employees who report in good faith what they believe to be a violation of laws or regulations, or conditions that could jeopardize the health or safety of other workers. These employees will not be terminated, threatened, or discriminated against because they report what they perceive to be a wrongdoing or dangerous situation.
 
  1. Employees must not play practical jokes, engage in pranks, or otherwise humorously make it look like a security incident is taking place, will take place, or has taken place when this is not true.
 
  1. Examples of confidential or sensitive information include but are not limited to: New Hope Family Shelter's private data, corporate strategies, competitor data, trade secrets, specifications, financial data, customer lists, research data; examples also include: a person’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such person: (a)  Social Security number; (b)  driver's license number or state-issued identification card number; or (c)  financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.
 
 
POLICY (Data Security)
 
New Hope Family Shelter's goal is to protect all confidential information within the agency by enforcing data safety procedures.
 
PROCEDURE
 
  1. Credit Card Software –All credit card software will have its default setting to make sure New Hope Family Shelter is not keeping information not needed.
 
  1. Lock Up Files—Store paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing Personal Information in a locked room or in a locked file cabinet.
 
  • Limit access to employees with a legitimate business need.
  • Control who has a key, and the number of keys.
  • Require that files containing personally identifiable information be kept in locked file cabinets except when an employee is working on the file.
  • Employees are not to leave sensitive papers out on their desks when they are away from their workstations.
  • Employees are to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day. 
 
  1. All employees will encrypt Personal Information that is sent to third parties over public networks (like the Internet)
 
  1. New Hope Family Shelter regularly runs up-to-date anti-virus and anti-spyware programs on computers and on servers on our network.
 
  1. Employees cannot share their passwords or post them near their workstations.  Use password-activated screen savers to lock employee computers after a period of inactivity.  Lock out users who don’t enter the correct password within a designated number of log-on attempts.
 
  1. Restrict Laptops with Personal Information—Assess whether sensitive information really needs to be stored on a laptop. If not, delete it with a “wiping” program that overwrites data on the laptop. Wiping programs are available at most office supply stores. 
 
  • All laptops will be stored in a secure place. 
 
  • Personal Information will not be saved on the laptops.
 
 
  1. Firewall – New Hope Family Shelter uses a firewall to protect all computers from hacker attacks while it is connected to the Internet.
 
  1. Wireless Access – Is allowed but must be accessed via secure wireless access points that require a secure password.
 
Computer Use Policy
New Hope Family Shelter encourages the use of the Internet and e-mail because they make communication more efficient and effective. However, Internet service and e-mail are company property, and they are to be used only to facilitate company business. Every employee has a responsibility to maintain and enhance the company's public image and to use company e-mail and Internet access in a productive manner. The company has established the following guidelines for using e-mail and the Internet. Any unauthorized or improper use of e-mail or the Internet is not acceptable and will not be permitted.
 
PROCEDURE
Unacceptable Uses of the Internet and Company E-Mail 
New Hope Family Shelter e-mail and Internet access may not be used for transmitting, retrieving or storing any communications of a discriminatory or harassing nature or materials that are obscene or X-rated. Harassment of any kind is prohibited. No messages with derogatory or inflammatory remarks about an individual's race, age, disability, religion, national origin, physical attributes or sexual orientation may be transmitted or forwarded using the company system. No abusive, profane or offensive language may be transmitted through the company's e-mail or Internet system. The company's harassment policy applies in full to e-mail and Internet use. Employees do not have a personal privacy right regarding any matter created, received, stored or sent from or on the company's e-mail or Internet system or computers.

New Hope Family Shelter e-mail and Internet system also may not be used for any other purpose that is illegal, against company policy or contrary to the company's best interest. Solicitation of non-company business or any use of the company e-mail or Internet system for personal gain is prohibited.

Rules for Electronic Communication 
Each employee is responsible for the content of all text, audio or images that he or she places on send over the company's e-mail or Internet system. Employees may not hide their identities or represent that any e-mail or other electronic communications were sent from someone else or someone from another company. Employees must include their name in all messages communicated on the company's e-mail or Internet system.

Any messages or information sent by an employee to another individual outside the company via NHFS e-mail or Internet system (including bulletin boards, online services or Internet sites) are statements that reflect on New Hope Family Shelter. Despite personal "disclaimers" in electronic messages, any statements may be tied to the company.

All communications sent by employees via the company's e-mail or Internet system must comply with all NHFS policies and may not disclose any confidential or proprietary company information.

If employees receive unsolicited e-mail from outside the company that appears to violate this policy, the employee should notify his or her supervisor immediately. Similarly, if any employee accidentally accesses an inappropriate web site in the normal course of business, the employee should notify his or her supervisor immediately.

Downloading software
To prevent the downloading of computer viruses that could contaminate the e-mail or Internet system, no employee may download software from the Internet without prior authorization. Any and all software that is downloaded from the Internet must be registered to NHFS.

System Security 
NHFS reserves the right to routinely monitor how employees use e-mail and the Internet. NHFS may monitor to measure cost analysis/allocation and the management of the company's gateway to the Internet. All messages created, sent or received over the company's e-mail or Internet system are the company's property and should not be considered private information. NHFSreserves the right to access and monitor every message and file on the company's e-mail or Internet system. Despite the existence of any passwords, employees should not assume that any electronic communication is private. Highly confidential information or data should be transmitted in other ways.
 
Violations 
Any employee who violates these rules or otherwise abuses the privilege of the company's e-mail or Internet system will be subject to corrective action up to and including termination. If necessary, the company also reserves the right to advise appropriate officials of any illegal activities.

POLICY – Data Security & Reporting
 
New Hope Family Shelters goal is to ensure the safety of all confidential material within the agency.  If confidential or sensitive information is lost, disclosed to unauthorized parties, or suspected of being lost or disclosed to unauthorized parties, both the information owner and Chief Executive Officer (“CEO”) must be notified immediately.
 
PROCEDURE
 
  1. Employees must report to the CEO and their immediate coordinator: (a) all losses or disclosures of confidential or sensitive information, (b) all information security violations and problems, (c) all suspected information security problems, vulnerabilities, and incidents, (d) any damage to or loss of NHFS computer hardware, software, or information that has been entrusted to their care.
 
  1. Any attempt to interfere with, prevent, obstruct, or dissuade an employee in their efforts to report a suspected information security problem or violation is strictly prohibited and cause for disciplinary action up to and including termination. Any form of retaliation against an individual reporting or investigating information security problems or violations is also prohibited and cause for disciplinary action up to and including termination.
 
  1. NHFS will not retaliate against employees who report in good faith what they believe to be a violation of laws or regulations, or conditions that could jeopardize the health or safety of other workers. These employees will not be terminated, threatened, or discriminated against because they report what they perceive to be a wrongdoing or dangerous situation.
 
  1. Employees must not play practical jokes, engage in pranks, or otherwise humorously make it look like a security incident is taking place, will take place, or has taken place when this is not true.
 
  1. Examples of confidential or sensitive information include but are not limited to: NHFS's private data, corporate strategies, competitor data, trade secrets, specifications, financial data, customer lists, research data; examples also include: a person’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such person: (a)  Social Security number; (b)  driver's license number or state-issued identification card number; or (c)  financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.
 
 
POLICY (Data Security)
 
New Hope Family Shelters goal is to protect all confidential information within the agency by enforcing data safety procedures.
 
PROCEDURE
 
  1. Credit Card Software –All credit card software will have its default setting to make sure Agency is not keeping information not needed.
 
  1. Lock Up Files—Store paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing Personal Information in a locked room or in a locked file cabinet.
 
  • Limit access to employees with a legitimate business need.
  • Control who has a key, and the number of keys.
  • Require that files containing personally identifiable information be kept in locked file cabinets except when an employee is working on the file.
  • Employees are not to leave sensitive papers out on their desks when they are away from their workstations.
  • Employees are to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day. 
 
  1. All employees will encrypt Personal Information that is sent to third parties over public networks (like the Internet)
 
  1. Agency regularly runs up-to-date anti-virus and anti-spyware programs on computers and on servers on our network.
 
  1. Employees cannot share their passwords or post them near their workstations.  Use password-activated screen savers to lock employee computers after a period of inactivity.  Lock out users who don’t enter the correct password within a designated number of log-on attempts.
 
  1. Restrict Laptops with Personal Information—Assess whether sensitive information really needs to be stored on a laptop. If not, delete it with a “wiping” program that overwrites data on the laptop. Wiping programs are available at most office supply stores. 
 
  • All laptops will be stored in a secure place. 
 
  • Personal Information will not be saved on the laptops.
 
 
  1. Firewall – Agency uses a firewall to protect all computers from hacker attacks while it is connected to the Internet.
 
  1. Wireless Access – Is allowed but must be accessed via secure wireless access points that require a secure password.
 
POLICY – Computer use
Agency (Insert here…) encourages the use of the Internet and e-mail because they make communication more efficient and effective. However, Internet service and e-mail are company property, and they are to be used only to facilitate company business. Every employee has a responsibility to maintain and enhance the company's public image and to use company e-mail and Internet access in a productive manner. The company has established the following guidelines for using e-mail and the Internet. Any unauthorized or improper use of e-mail or the Internet is not acceptable and will not be permitted.
 
PROCEDURE
Unacceptable Uses of the Internet and Company E-Mail 
The company e-mail and Internet access may not be used for transmitting, retrieving or storing any communications of a discriminatory or harassing nature or materials that are obscene or X-rated. Harassment of any kind is prohibited. No messages with derogatory or inflammatory remarks about an individual's race, age, disability, religion, national origin, physical attributes or sexual orientation may be transmitted or forwarded using the company system. No abusive, profane or offensive language may be transmitted through the company's e-mail or Internet system. The company's harassment policy applies in full to e-mail and Internet use. Employees do not have a personal privacy right regarding any matter created, received, stored or sent from or on the company's e-mail or Internet system or computers.
The company e-mail and Internet system also may not be used for any other purpose that is illegal, against company policy or contrary to the company's best interest. Solicitation of non-company business or any use of the company e-mail or Internet system for personal gain is prohibited.
Rules for Electronic Communication 
Each employee is responsible for the content of all text, audio or images that he or she places on send over the company's e-mail or Internet system. Employees may not hide their identities or represent that any e-mail or other electronic communications were sent from someone else or someone from another company. Employees must include their name in all messages communicated on the company's e-mail or Internet system.
Any messages or information sent by an employee to another individual outside the company via company e-mail or Internet system (including bulletin boards, online services or Internet sites) are statements that reflect on the company. Despite personal "disclaimers" in electronic messages, any statements may be tied to the company.
All communications sent by employees via the company's e-mail or Internet system must comply with all company policies and may not disclose any confidential or proprietary company information.
If employees receive unsolicited e-mail from outside the company that appears to violate this policy, the employee should notify his or her supervisor immediately. Similarly, if any employee accidentally accesses an inappropriate web site in the normal course of business, the employee should notify his or her supervisor immediately.
Downloading software
To prevent the downloading of computer viruses that could contaminate the e-mail or Internet system, no employee may download software from the Internet without prior authorization. Any and all software that is downloaded from the Internet must be registered to the company.
System Security 
The company reserves the right to routinely monitor how employees use e-mail and the Internet. The company may monitor to measure cost analysis/allocation and the management of the company's gateway to the Internet. All messages created, sent or received over the company's e-mail or Internet system are the company's property and should not be considered private information. The company reserves the right to access and monitor every message and file on the company's e-mail or Internet system. Despite the existence of any passwords, employees should not assume that any electronic communication is private. Highly confidential information or data should be transmitted in other ways.
Violations 
Any employee who violates these rules or otherwise abuses the privilege of the company's e-mail or Internet system will be subject to corrective action up to and including termination. If necessary, the company also reserves the right to advise appropriate officials of any illegal activities.