Download Article
Protect your clients' most sensitive information with these simple tips
Download Article
Whether you’re an entrepreneur or an educator, protecting sensitive information is a priority. For some industries, such as healthcare, there are strict laws and ethical codes that govern private information. Since private information is routinely stored electronically, any conversation on confidentiality must cover cybersecurity. While codes, laws, and technology are complex topics, the foundation of confidentiality is simple: awareness. Always be conscious of your actions, aware of your surroundings, and informed about your responsibilities.
Steps
-
Handle private documents carefully. Don’t leave private documents unattended, whether you’re a nurse, lawyer, or an employee handling your company’s confidential material. Remain aware of where the materials are and who can access them. When disposing of confidential documents, do not merely use a single paper shredder, as the shredded paper can be re-integrated. Try to shuffle the documents and then process documents at several paper shredders. If you tend to destroy confidential documents in bulk, contact confidential recycling company on site. [1] X Research source
- For example, if you’re a healthcare professional, don’t leave a patient’s medical records unattended on a cafeteria table or in a reception area.
-
Lock file rooms, cabinets, and other storage spaces. In addition to securely storing confidential materials, ensure they’re protected from damage. For instance, irreplaceable vital documents should be stored in fireproof, waterproof safes or cabinets.
- When you leave a secure room, make sure drawers, cabinets, and doors are locked. To avoid accidental breaches, get in the habit of double checking every handle before you walk away from a storage unit or door.
Advertisement -
Use discretion when discussing confidential information. Always be aware of your surroundings whenever you talk about private information. Discuss sensitive information in a private setting, and make sure only authorized personnel are within earshot. [2] X Research source
- When you have to confer with a colleague about a patient or client, discuss only the necessary details. Depending on your location and industry, you might be legally required to withhold or change any identifying information.
- If a client or patient calls you, head to a private location to talk. Unless it’s an emergency, avoid discussing confidential over the phone. Discuss scheduling issues over the phone, for example, but save sensitive information for a face-to-face conversation.
-
Protect intellectual property with confidentiality agreements . Regardless of your role or industry, you’ll most likely sign a non-disclosure agreement at some point in your professional career. Always read any contract carefully before agreeing to its terms. [3] X Research source
- If you’re an employee, make sure you understand terms such as using your company’s intellectual property within certain bounds or not discussing operations with family and friends. Report to your manager if you need to access to confidential documents, if necessary.
- If you operate a business, you’ll want to secure any confidential information you need to exchange during transactions, negotiations, and other occasions. For instance, if you’re presenting an invention to a potential investor, it’s wise to have your lawyer draft a non-disclosure agreement to ensure your intellectual property won’t be used without your consent.
Advertisement
-
Familiarize yourself with your specific legal and ethical requirements. From healthcare professionals to educators, each profession has its own ethics codes on confidentiality. Furthermore, laws that govern confidentiality vary by location, and industries are regulated in different ways. [4] X Trustworthy Source American Psychological Association Leading scientific and professional organization of licensed psychologists Go to source
- While ethical and legal obligations can get complicated, not knowing them won’t be an excuse if you accidentally breach them. Your employer or professional organization should provide resources on ethical and legal compliance.
- If you’re not sure about a situation that could lead to a potential ethical or legal pitfall, don’t do anything without doing your homework. Consult your profession’s code of ethics, look up applicable local or federal laws, get advice from a trusted colleague (without disclosing private information), or contact your professional organization.
-
Inform clients and patients how their information is used. If you handle confidential information for a client or patient, you’re most likely ethically or legally bound to make sure they understand their privacy rights. Tell them what information is recorded, how it’s stored and for how long, and how it’s used. [5] X Research source
- Ask them if they have any questions about how information such as medical or legal records are stored and used.
- Additionally, inform them of the limitations of their right to privacy. For instance, if you’re a therapist, inform your patient that you’re obligated to report if they threaten to harm themselves or others.
-
Comply with the more stringent law when 2 privacy laws interact. When 2 laws interact, 1 takes precedence over the other. In general, comply with the law that offers stricter privacy protections for a patient or client. [6] X Trustworthy Source American Psychological Association Leading scientific and professional organization of licensed psychologists Go to source
- Suppose you’re a psychologist in New Hampshire and you’ve received a subpoena requesting information about a patient. New Hampshire (NH) state law and the Health Insurance Portability and Accountability Act (HIPAA) both govern how providers handle patient records, but vary when it comes to disclosing patient records to legal authorities.
- Since NH law requires a court order or patient consent, rather than a subpoena alone, it offers stricter protection than HIPAA. In this case, you’d be breaking the law if you complied with the subpoena.
-
Discuss legal compliance with any third-party associates. Make sure any other entities that you do business with understand privacy laws that regulate your industry. Check their history of compliance, and steer clear if you find any violations in their history. [7] X Trustworthy Source American Academy of Family Physicians Organization devoted to improving the health of patients, families, and communities Go to source
- For instance, suppose you’re a doctor or counselor running a private practice. Research all associates you hire or services you retain, including billing specialists, medical staff, insurers, labs, and internet service providers. If someone on staff or a service you use mishandles confidential information, your practice could lose its reputation and suffer legal consequences.
- Title 13 in the United States Code mandates that all of the data collected by the Census Bureau is confidential. [8] X Trustworthy Source United States Census Bureau The United State's leading and trusted source of quality data about its people and economy. Go to source
- There are all kinds of legal restrictions, so it cannot share the data. [9] X Trustworthy Source United States Census Bureau The United State's leading and trusted source of quality data about its people and economy. Go to source
- But there are no restrictions for Facebook and Google. They can share their data. [10] X Research source
-
Obey mandatory reporting laws. Sometimes, you’re legally obligated to disclose information that would otherwise be confidential. For instance, if you’re a healthcare professional, you’re required to contact the authorities if a patient tells you they plan on harming themselves or others. Failure to do so could land you in legal trouble and jeopardize your professional certification. [11] X Trustworthy Source American Psychological Association Leading scientific and professional organization of licensed psychologists Go to source
- Additionally, patient or client records might be requested by subpoena, court order, or warrant. If necessary, disclose only the information specified in the legal demand. For instance, if a court order requests information about a specific injury, don’t disclose records about an illness they had as a child.
- Keep in mind that attorney-client privilege takes precedence over legal demands, such as a discovery request or ordering a lawyer to testify under oath. [12] X Research source
Advertisement
-
Install and update antivirus and anti-malware software. The first step to safeguarding electronic data is to keep your antivirus software updated. If it’s not updated, you’re not protected from the latest online threats. [13] X Trustworthy Source American Academy of Family Physicians Organization devoted to improving the health of patients, families, and communities Go to source
- Additionally, make sure you and anyone you work with use the internet safely. For instance, don’t click on suspicious links or open email attachments from unknown senders.
-
Position screens that display personal information strategically. More data is compromised due to shoulder surfing than computer viruses, but it’s an often overlooked aspect of cybersecurity. [14] X Trustworthy Source United States Department of Justice Official website of the U.S. Department of Justice Go to source Make sure monitors, computer screens, and other devices that display confidential information are visible only to authorized personnel. [15] X Trustworthy Source American Academy of Family Physicians Organization devoted to improving the health of patients, families, and communities Go to source
- For example, if you own a small restaurant, don’t leave your laptop open on the bar with your financial information visible. If you’re a doctor, make sure patients can’t see screens that display personal information from the waiting area or reception desk.
- It’s also wise to use privacy screen savers and password-protected lock screens.
-
Verify a recipient’s information before sending private documents. Always make sure you’ve correctly entered an email address or fax number before sending any documents that contain sensitive information. If think you might have a letter or number wrong, call the recipient to verify their contact information. [16] X Research source
- Additionally, review your industry’s code of ethics and local laws to make sure you’re allowed to send a given confidential document.
-
Encrypt private electronic data whenever possible. Even if you’re not legally required to encrypt electronic data and communications, you should still consider it. Look into hiring an IT security specialist to develop a secure portal through which you can communicate with patients or clients. [17] X Trustworthy Source American Academy of Family Physicians Organization devoted to improving the health of patients, families, and communities Go to source
- If you’re a member of a professional organization, they might partner with a company that specializes in secure communications for your industry. You might be able to hire that company at a discounted rate.
Advertisement
Expert Q&A
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
Advertisement
Tips
Submit a Tip
All tip submissions are carefully reviewed before being published
Name
Please provide your name and last initial
Thanks for submitting a tip for review!
References
- ↑ https://www.rch.org.au/uploadedFiles/Main/Content/rchhis/Maintaining_Confidentiality_Guide.pdf
- ↑ https://www.rch.org.au/uploadedFiles/Main/Content/rchhis/Maintaining_Confidentiality_Guide.pdf
- ↑ https://www.forbes.com/sites/allbusiness/2016/03/10/the-key-elements-of-non-disclosure-agreements/#1f5efab8627d
- ↑ http://www.apa.org/monitor/jan03/10ways.aspx
- ↑ https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/200146/Confidentiality_-_NHS_Code_of_Practice.pdf
- ↑ http://www.apa.org/monitor/jan03/hipaa.aspx
- ↑ https://www.aafp.org/fpm/2005/0400/p43.html
- ↑ https://www.census.gov/history/www/reference/privacy_confidentiality/title_13_us_code.html
- ↑ https://www.census.gov/history/www/reference/privacy_confidentiality/title_13_us_code.html
- ↑ https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy
- ↑ http://www.apa.org/monitor/jan03/10ways.aspx
- ↑ https://www.law.cornell.edu/wex/attorney-client_privilege
- ↑ https://www.aafp.org/fpm/2005/0400/p43.html
- ↑ https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud
- ↑ https://www.aafp.org/fpm/2005/0400/p43.html
- ↑ https://www.rch.org.au/uploadedFiles/Main/Content/rchhis/Maintaining_Confidentiality_Guide.pdf
- ↑ https://www.aafp.org/fpm/2005/0400/p43.html
About This Article
Thanks to all authors for creating a page that has been read 127,316 times.
Advertisement