From the ACT Human Resources Policy and Procedures Manual, Section: 2.16: Confidentiality
The purpose of this statement of policy and procedures is to detail ACT’s commitment to confidentiality and the responsibility of all ACT employees, volunteers and students and to preserve the privacy of employees, students, volunteers, services users and ACT by outlining obligations and procedures for dealing with personal, privileged and/or confidential information.
All employees at one time or another may receive personal, privileged and/or confidential information which may concern other employees, students, volunteers, service users or agency business and operations.
This policy applies to all employees, students, volunteers, contractors, subcontractors or anyone else who is granted access to personal, privileged and/or confidential information.
ACT is committed to protecting the right to privacy and honours the confidentiality of current, former and prospective service users, volunteers, students, members, donors, sponsors and employees.
Each of us has a legal and ethical responsibility to ensure the confidentiality and security of all personal, medical, clinical, administrative, financial, client and employee information. All employees, volunteers, students and board members are responsible for protecting the security of all related information (oral or recorded in any form) that is obtained, handled, learned, heard or viewed in the course of his/her work or association with the programs and services or business of ACT.
Use or disclosure of all information of a private or confidential nature is acceptable only in the discharge of one’s responsibilities and duties and based on the need to know. Discussion regarding such information shall not take place in the presence of persons not entitled to such information or in public places such as elevators, lobbies, event venues, off premises etc.
It is the responsibility of all employees, students and volunteers:
- To become familiar with and follow the policies and procedures regarding the collection, use, disclosure, storage and destruction of confidential information;
- To collect, access and use confidential information only as authorized and required to provide care or perform their assigned duties;
- To divulge, copy, transmit, or release confidential information only as authorized and needed to provide care or perform their duties;
- To safeguard passwords and/or any other user codes that access entry to ACT premises, telephone system, computer systems and programs;
- To identify confidential information as such when sending emails, scanned documents or fax transmissions and to provide direction to the recipient if they receive a transmission in error;
- To discuss confidential information only with those who require this information to provide care or perform their duties and make every effort to discuss confidential information out of range of others who should not have access to this information;
- To continue to respect and maintain the terms of confidentiality after an individual’s employment/affiliation with the organization ends;
- To report any suspected breaches of confidentiality to his/her Supervisor.
ACT reserves the right to conduct regular audits of employee, students and volunteer access to client information to determine compliance. Any misuse, or disclosure of confidential information without appropriate approvals, may be cause for corrective action up to and including termination of employment, loss of privileges, termination of a contract, or similar action.
Any individual receiving a breach of confidentiality complaint or having knowledge or a reasonable belief that a breach of confidentiality may have occurred shall immediately notify his/her Supervisor. The Supervisor notified, shall in turn notify the Executive Director of the alleged circumstances relating to the violation of this policy.
The Supervisor in consultation with the Executive Director shall decide whether to proceed with an investigation. If the decision is made to proceed with an investigation, the Supervisor in consultation with the Executive Director will consult with the appropriate resources, document findings and make a determination as to whether there has been a breach of confidentiality.
If it is determined that a breach of confidentiality has occurred, appropriate action will be taken up to and including termination of employment.
Confidential information includes but is not limited to the following personal service user information disclosed to ACT:
- the fact that an individual is a current, former or prospective service user;
- physical or medical diagnosis or condition;
- family relations;
- sexual orientation; and
- phone number or address.
The above includes service users who may also be students, volunteers or research participants. Service user includes any individual who provides personal information to ACT, consents to a third party providing such information to ACT in connection with services received or anticipated to be received. Service user includes prospective, current and former service users. Service user information may not be disclosed to a partner, family member or friend without the express permission of the service user. If requesting information about a person known to ACT, these individuals are to be directed back to the person about whom they were enquiring.
The following confidential information includes but is not limited to information distributed within the agency, including:
- Employee personnel matters;
- Confidential ACT business and organizational issues;
- Private information regarding employees, students or volunteers or donors;
- Mailing lists, telephone numbers or email addresses compiled of prospective, current or former: service users, employees, contributors, volunteers, sponsors and donors are confidential and are not to be shared without the express written permission of the persons involved or of the Executive Director or his/her designate.
Should any information be released without express permission of the persons involved, the Executive Director or his/her designate must notify the Board of such occurrence at the subsequent meeting of the Board of Directors.
Breach of Confidentiality
It is a breach of confidentiality to:
- Discuss any confidential information within or outside ACT where it may be heard by individuals who are not authorized to have access to that information.
- Provide confidential information or records to unauthorized individuals.
- Leave confidential information in written form or displayed on a computer terminal in a location where it may be viewed by unauthorized individuals.
All employees, volunteers, students, and other individuals with access to confidential and privileged information are required to sign a confidentiality agreement before commencing duties at ACT. Employees will be requested to sign the confidentiality statement as part of the letter of offer and/or anytime thereafter when an updated revision requires signature.
The obligation to maintain confidentiality applies to the duration of the contact with ACT and continues indefinitely after the relationship with ACT has ceased.