Whether you’re working with clients online or in person, and whether you keep virtual or physical records of client information, you’ll need to have procedures in place to protect that sensitive information. The information collected may be considered personal/protected health information or even personal information.

It’s best practice and highly recommended for anyone storing personal health information or even personal client information to do their part in protecting this information. Also keep in mind that many countries have privacy laws that mandate how personal information is collected, used and stored (and it’s your responsibility to know what the laws are in your country).

There are many reasons that you should be protecting your clients’ personal information and one obvious reason is to ensure that no unauthorized individuals or organizations have access to the sensitive information that you’ve been entrusted to store.  Being transparent with clients about how you’re storing their personal info and what you’re doing to protect it can make clients feel more confident in opening up.

Let’s dive into this a bit more.

Prevent Unauthorized Access

Sensitive information should always be handled with care. Just like a lost credit card could cause a lot of damage, so could the information shared with you by clients if in the wrong hands.

This doesn’t just mean where you store your records; it extends to how files are organized and filed, how you communicate with clients about their health, how you communicate with other providers about client health and where the communication takes place.

If you are communicating with clients over email or social media, who else has access to that information? If you are using social media to communicate with clients about personal health information, technically, these services have the right to re-use this information for their own purposes. That’s scary!  

Clients’ Trust

It’s important that clients feel like they can be honest and open with you regarding their health concerns. The information they provide is essential to allow you to get the full and accurate picture of what’s going on with them and how you can help.

Let’s take a trip down memory lane and think back to the first time you bought something online. Did you hesitate before providing your credit card details? Did you wonder who may have access to your card details and what they may do with them? It’s not uncommon to pause before disclosing personal information, especially when you’re not sure who is going to have access to this information, what it’s going to be used for and whether the information will be safe.

Have you ever omitted information or even lied about information on a survey or form, be it online or on a paper form? I most certainly have and still do if I’m unsure of where this information is going. Your patients or clients can be feeling the same way and may limit the amount of or alter the information they provide to you. Limited or altered information can be dangerous and gravely affect your ability to help a client.

“Trust Leads To Approachability And Open Communication” 
— Scott Weiss

Your Own Peace of Mind

Not only do you want to give clients peace of mind, but you also deserve to have the confidence that you’re doing everything in your power to protect client information.


As previously mentioned, safeguards are needed regardless of whether you’re storing files digitally or in physical folders. Here are some easy ways to protect your files.

Electronic Safeguards

Password Protection. There are a number of ways you can protect digital client information with passwords. Use passwords wherever possible.

  • Add password protection to apps, email and folders used to store and communicate about personal health information.  
  • Use complex passwords including a combination of letters, numbers and special characters.
  • Lock your devices when stepping away.
  • Going further: Create a 2-step authentication process to access your files.

I understand that you may want quick access to your files but keep in mind that if it’s easy for you to access files, it may be easier for others to access as well.  

Encryption. Encryption is the process of converting information from a readable format to a version which can only be decoded by authorized parties. It’s possible to encrypt data at rest as well as during communication.

  • Use encrypted email, fax and secure messaging to communicate with clients and/or about clients.

Secure Cloud Storage. As mentioned, you can also put safeguards in place to ensure that your client information is secure at rest (i.e. when not being shared/transmitted). Choose a cloud-based storage provider that has appropriate safeguards in place and that has put into writing how they use and store your data.

Physical Safeguards

Physical Locks. Physical locks are easy to use and are readily available. Locks should be used on your computer, filing cabinets and your office door. The more locks you have on client files, the harder it is for unauthorized individuals to access them.

Organize. Don’t wait until your files are piling up to file them. Be proactive with your filing to avoid losing track of or misfiling sensitive information.

“Trusting you is my decision. Proving me right is your choice.”

Professional Safeguards

Legal Advice

Speak with a lawyer to discuss your legal requirements/responsibilities and how best to explain to clients how you handle their information and what their rights are. Your school or governing body may also have some resources/guidelines available for you.

Legal Documents

Discuss with a lawyer what legal documents you need to have in place.  For example, Privacy Policies that detail what personal information you collect from your users, how you use it, and how/where it’s being stored.

For more information on how to legalize your health business be sure to check out this blog post by Sam Vander Wielen, LLC

Security Requirements

Security requirements vary from location to location and designation to designation. Here are some common laws that affect Health & Wellness Professionals that you may need to be mindful of.

United States:




Take Away: Whether or not you’re legally required to adhere to security regulations regarding personal health information, countries commonly have privacy laws in place to protect personal information. Find out what laws apply to you. Be intentional with how you manage client information. Be open and honest with clients about how you intend to use their information, how it’s stored and what safeguards you’ve taken to keep their records secure.

Here are some questions to think about:

  • Who will have access to this information? (i.e. Yourself and any 3rd parties such as web tools, team members, etc.)
  • How will you use their information? (i.e. To provide your services, for marketing purposes, etc.)
  • What’s it for?
  • How is it being used?
  • Where/how is it being stored?


Nathalie Garcia is the Co-Founder of Practice Better, a Practice Management Platform that allows Health & Wellness Professionals to automate their workflow so they can spend less time on administrative tasks and more time helping clients reach their health goals. www.practicebetter.io
