Show:
Files & Records
He said, She Said
Digital Dilemma
Ring Ring Ring
Paper Trails
100
100: Your UC customer calls wanting a print-out of her benefits. She says this urgently needs to be faxed to her auto loan company, so she can get a hardship extension to keep her vehicle. She can’t pick it up and the bank needs it by 12 noon today. You send the fax.
Yes. Customer must come in person with a state issued ID. Or the document may be mailed to address of record. We cannot fax confidential documents to third parties. “Unemployment Compensation Records are confidential by law. [443.171, 443.1715, 443.181, F.S. (2005)] All information entered into an information management system regarding the employment services a PREP/REA customer may receive is confidential.” (ADM-DR-0060 Establishing and Maintaining Confidentiality) Any employee receiving or releasing confidential information that violates any provision of this subsection commits a misdemeanor of the second degree punishable as provided in sections 775.082 and 7775.083, F.S. (2005). (AWI Policy Number 1.02 Confidentiality of Records and Public Records Requests and Subpoenas)
100
100: You are heading out for lunch. A customer, without an appointment, comes out of the resource room and stops you in the waiting area. She is upset over being sanctioned, and immediately launches into a detailed (and loud) explanation about her circumstances.
Yes. Services a customer receives are confidential. While she has disclosed them herself, it is our duty to direct the customer to a quiet location to discuss private details. “All parts of a WT participant’s file are confidential.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
100
100: You get an e-mail from a customer. It has an attachment that does not appear to be a resume. You open the attachment and it is a file with links to a site selling herbal supplements.
Yes. This might be spam containing a virus. Some viruses can infect your computer or the entire network, allowing access and confidential information to be relayed electronically to a third party. Notify IT immediately. “It is the responsibility of all WORKFORCE plus network users to take reasonable steps to prevent virus outbreaks… Do not open unexpected e-mail attachments, even from coworkers.” (WORKFORCE plus Network Policy and Procedures)
100
100: You receive a phone call. “I want to know if my son was there today. He said he had to go to a PREP workshop.” You check the attendance roster and tell the caller, “No, sorry I did not see Michael today.”
Yes. "Unemployment Compensation Records are confidential by law. All information entered into an information management system regarding the employment services a PREP/REA customer may receive is confidential." (ADM-DR-0060 Establishing and Maintaining Confidentiality)
100
100: You create a file folder for your new customer. The label contains First Name, Last Name and the full SSN.
Yes. Confidentiality Protocols: provider staff will ensure…: “Any reports created will reflect only the last four digits of a customer’s social security number.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
200
200: You are called to the front desk. There is someone making a public records request of files from your program. Your OM and your supervisor are in meetings all day and cannot be reached. This person wants copies of the files today. You make the requested copies and provide them to the visitor.
Yes. All program files except portions of WIA records are confidential. If a public records request is made, the Board would be contacted. Records requests and/or subpoenas should be in writing. “Customer/Client Records – In any case in which WORKFORCE plus is served with a subpoena {or a public records request} requiring access to customer/client records, or information from such records is required to be furnished; the Program Evaluator Specialist (currently the Performance Unit Manager) must be notified.” (ADM-PL-0064-A_Sept-05-2012 WORKFORCE plus Administrative Plan) “WIA records are public records pursuant to Section 185, WIA. However, public access is not allowed if: (a) disclosure of information would constitute a clearly unwarranted invasion of personal privacy; and (b) the information constitutes a trade secret, or commercial or financial information that is obtained from a person that is privileged or confidential.” (AWI Policy Number 1.02 Confidentiality of Records and Public Records Requests and Subpoenas)
200
200: You have a frequent customer at your desk. She is always very genuine and personable, and her visits are like catching up with an old friend. You know that some of her family members are also customers. She asks you if her sister-in-law has been in lately, or were you able to get her child care for the part time job she was offered. You tell her that yes, she did get the childcare, but you haven’t heard from her since she started working.
Yes. Services provided to customers are confidential. “I will not disclose any individual data to any parties who are not authorized to receive such data …” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information)
200
200: You are logged into your computer and assisting a customer. There is someone at the front desk for you dropping off a document. It will only take a moment for you to run up and get it. You leave your customer at your desk.
Yes. Confidentiality Protocols: provider staff will ensure…: “Removal of confidential data from office/cubicle areas, including computer screens, when staff is not present, and/or a customer is present.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
200
200: Your customer misses her appointment again. You call the contact number and there is no answer. You locate an alternate contact number. This time a cousin answers. Customer is not there. You give the cousin your name and number and tell her to please ask your customer to call today, or she will lose her cash assistance.
Yes. “All parts of a WT participant’s case file are confidential…” and “Any telephone calls made to schedule, remind and/or confirm a customer’s participation will not reference confidential information.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
200
200: You’ve cleared an hour to catch up on case-notes and to close files. There is a large stack of files on your desk. A walk-in customer asks for you, you go up front and bring her back to your desk.
Yes. Confidentiality Protocols: provider staff will ensure…: “Removal of confidential data from office/cubicle areas… when staff is not present, and/or a customer is present.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
300
300: You print out your FSET customer’s Notice of Failure to Comply and Possible Sanction form. You see a mistake, so you make the correction and reprint the form. You tear up the first copy with the mistake; toss it in the box for shredding under your desk.
Yes. Any documents (even Post-it notes or receipts) containing information identifying a customer are confidential. This document must go in one of the secure shred bins right away. It cannot be left out where an unauthorized person might come across it. Confidentiality Protocols: provider staff will ensure…: “Removal of confidential data from office/cubicle areas… when staff is not present, and/or a customer is present.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
300
300: You see a customer in the office going to another CS. She is the mother of your child’s classmate, but you have only seen her a few times. The classmate lives with his grandmother, as his parents appear to be out of the picture. Your child often plays after school at the grandmother’s home with a group of other kids. You’ve heard a lot of negative gossip, and don’t want to assume the worst about this woman – but you want to know more. You look her up in EFM and OSST.
Yes. “I will use access to the systems only for purposes authorized by law to secure information to conduct official program business consistent with my official public duties.” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information)
300
300: During lunch, you check your personal e-mail on your office computer. By the title of the message, you see your Great-Aunt Gertie sent you another one of her chain e-mails. Sometimes these messages can be funny, so you open it, hoping for a much-needed laugh.
Yes. Chain e-mails are prohibited by policy due to the risk of viruses infecting our network. These viruses could breach confidential information. “It is the responsibility of all WORKFORCE plus network users to take reasonable steps to prevent virus outbreaks… Do not open unexpected e-mail attachments, even from coworkers.” (WORKFORCE plus Network Policy and Procedures)
300
300: A co-worker has stopped by your desk. The phone rings and a customer on the line engages you in a conversation with lots of personal details. You finally get off the phone. You say to your co-worker. “Well, it was Emmitt Brown AGAIN. Remember the guy that comes in here with a ‘substance-abusing’ girlfriend half his age? He is being evicted and can’t go to his interview today. I told him where he could get assistance for his rent last month, or to look for a cheaper place. Now he won’t have a place to live and he will be up here all day, every day, with the girlfriend and her kids running around.”
Depends. If your co-worker works with this customer and has some need to know the customer is being evicted, then no, it is not a breach. If your co-worker does not have professional contact with this customer, then yes it is. “I will not disclose any individual data to any parties who are not authorized to receive such data …” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information)
300
DAILY DOUBLE!!! 300: Your staff activity form is on your desk. Customer signs in and points to another name on the page – a customer you saw earlier that day. “I know HER! She goes to my church. I didn’t know she came in here.”
Yes. Confidentiality Protocols: provider staff will ensure…: “Removal of confidential data from office/cubicle areas… when staff is not present, and/or a customer is present.” (ADM-DR-0060 Establishing and Maintaining Confidentiality) This issue can come up with the front desk sign in sheets. How can we safeguard customer confidentiality?
400
400: A file is transferred over to you. This customer has a thick file with a long history. You know that there may be special circumstances with this customer and want to review the file before she comes in. You are booked solid with appointments, so you take the file home with you to read.
Yes. It is NEVER okay to take customer files off-site. Customer files are the property of WORKFORCE plus and must remain on the premises unless specifically authorized. Confidentiality Protocols: provider staff will ensure…: “Case files are stored in locked cabinets/drawers” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
400
400: You are shopping at Publix. You see one of your customers and say Hello. You ask him how the last few referrals turned out. You remind him he should come in for that Training Academy class you’ve been recommending.
Yes. Customer information is confidential, beginning with his or her identity and extends to services provided. If customer speaks to you first, it is fine to greet each other and engage in small talk. Conversations related to services should be deferred until you are at the office. If you initiate a conversation, that may put customer in a position to have to explain his or her relationship to you to members of his party. “I will not disclose any individual data to any parties who are not authorized to receive such data …” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information)
400
400: You are working in EFM, and find that you do not have the access level required to complete a task. You e-mail a request to your supervisor and the Administrative manager requesting the additional access. You know the request goes through IT, and you are not sure how long it will take. While you are waiting, you ask your best friend/co-worker to log in under her password, so you can look up what you need.
Yes, a breach of policy has occurred if your co-worker allows you to use her password. “I will not disclose my user identification, password, or other information needed to access the systems to any party nor shall I give any other individual access to information secured.” (WORKFORCE plus Network Policy and Procedures)
400
400: You have a co-worker at your desk. The phone rings and a customer on the line engages you in a conversation with lots of personal details. You finally get off the phone. You say to your co-worker, “Well, it was Emmitt Brown AGAIN. Remember the guy that comes in here with a ‘substance-abusing’ girlfriend half his age? He is being evicted and can’t go to his interview today. I told him where he could get assistance for his rent last month, or to look for a cheaper place. Now he won’t have a place to live and he will be up here all day, every day, with his crack-head girlfriend and her kids running around.” Unbeknownst to you, Mr. Brown’s nephew, Marty McFly is in the next cubicle for an appointment and hears everything you said. Marty’s mother and Mr. Brown’s wife are sisters. Marty immediately texts his mother everything he heard.
Yes. While you believed you were having a private conversation, it clearly wasn’t. Steps must be taken to safeguard that identifiable customer information must remain confidential. “I will not disclose any individual data to any parties who are not authorized to receive such data …” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information)
400
400: You have a drawer that contains some files that are closed in the system. The follow-ups are complete on these customers. But you are familiar with the histories and patterns of these customers. They will all be back to see you in the next month or so; you are certain.
Yes. ”Para. 11: I will retain the confidential data only for that period of time necessary to perform my public duties. Thereafter, I will either arrange for the retention of such information consistent with federal or state record retention requirements or destroy such data, and any copies made, after the purpose for which the information is disclosed is served in such a way to prevent the information from being reconstructed, copied, or used by any means.” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Certification)
500
500: A customer brings you a copy of his documents including some medical records. You record any pertinent information electronically, and then you store all of the documents in his file folder, along with your other files in your cubicle.
Yes. Confidentiality Protocols: provider staff will ensure…: “All health information is stored securely and separately from the primary case files of individuals” (ADM-DR-0060 Establishing and Maintaining Confidentiality) “Medical forms and documentation will be maintained in the participants case file, secured in a sealed envelope clearly marked “Confidential”, and be secured in a locked cabinet. Unlike Domestic Violence documentation which is maintained in a file separate from the participant’s case file, and stored in a locked cabinet. (WTP-DR-0033 Medical Incapacity Directive)
500
500: You have a customer at your desk. You phone keeps ringing repeatedly. Finally assuming it must be some emergency, you pick up and a customer on the line engages you in a conversation with lots of personal details. You finally get off the phone. You say to the customer at the desk, while shaking your head. “Sorry about that. That woman calling has got so many problems. She was arrested again. She’s about to lose her kids. And you heard her yelling at me that she can’t accept a retail job because she doesn’t have a car.”
No. Confidentiality was not broken, so long as no identifying information was provided. But, this conversation is unprofessional behavior. Care should be taken that customers can trust in staff member’s discretion.
500
500: You often check and reply to your WORKFORCE plus e-mail on your smart phone. This is your personal phone, and was not issued through WORKFORCE plus.
Yes. Two issues actually. 1) Wireless transmissions may not always be secure. Some less reputable Apps and Games function as spyware, possibly allowing a third party to gain access to your e-mail log-in and our systems. Files or downloads on your phone may also contain viruses, that may enter our network through e-mail access. 2) E-mail accounts belong to WORKFORCE plus. “Electronic communications systems and all messages generated on or handled by electronic communications systems, including back-up copies, are considered to be the property of WORKFORCE plus, and are not the property of users of the electronic communication services.” (WORKFORCE plus Network Policy and Procedures) Additionally, if WORKFORCE plus becomes a party to litigation, electronic communications and devices used to convey electronic messaging may be subpoenaed and subject to inspection. This means you may be asked to temporarily surrender your personal mobile devices as evidence.
500
500: You are trying to reach your customer and he does not have an e-mail address. He calls while you are out and leaves you a contact number on your voice-mail. The connection is poor, and you are not positive of the number. You try the number and reach a generic robot recording from the wireless carrier. You leave your name, number, and say you are calling from WORKFORCE plus.
No. You did not leave the customer’s name in the message. Even assuming, it was a wrong number, you have not disclosed the identity of the customer. It is okay to leave your name and say you are calling from Workforce Plus. “Any telephone calls made to schedule, remind and/or confirm a customer’s participation will not reference confidential information.” (ADM-DR-0060 Establishing and Maintaining Confidentiality)
500
500: A colleague asks you a work-related question about a customer in an e-mail. The e-mail contains the customer’s name and last four. You think you know the answer, but to double check your response, you forward the entire message to another staff member asking for input.
Yes. If you forward this message to a staff member that does not come into contact with this customer, then it is a breach. “I will not disclose any individual data to any parties who are not authorized to receive such data …” (ADM-FR-0061_Nov-19-2009 Individual Non-Disclosure and Confidentiality Information) “Recognizing that some information is intended for specific individuals and may not be appropriate for general distribution, electronic communications users should exercise caution when forwarding messages.” (WORKFORCE plus Network Policy and Procedures)