Privacy Policies: What and When Information is Collected
The first step in protecting privacy and confidentiality is limiting the amount of information that is collected.
Many recovery homes use applications from other programs or put unnecessary information into their application.
An application process should be limited only to information needed to determine if someone is eligible and a good fit for the program.
Examining the application and ensuring that only needed information is collected, and collected at the appropriate time, can limit the amount of information that needs to be protected.
Also, examine other forms and documents to make sure that all of the information collected is pertinent to its purpose. This is an extreme example, but an organization doesn’t need to collect the resident’s Social Security number on a grievance form. A simple way to reduce the risk that the information will get out is to not have a space on the form for this information.
Finally, it is a best practice to develop a records retention policy. Find out how long an organization is legally required to keep residents’ records. Set and follow document retention policies, and appropriately destroy records on the defined schedule, based on those policies.