Protect your clients' most sensitive information with these simple tips

Whether you’re an entrepreneur or an educator, protecting sensitive information is a priority. For some industries, such as healthcare, there are strict laws and ethical codes that govern private information. Since private information is routinely stored electronically, any conversation on confidentiality must cover cybersecurity. While codes, laws, and technology are complex topics, the foundation of confidentiality is simple: awareness. Always be conscious of your actions, aware of your surroundings, and informed about your responsibilities.

Method 1 of 3:

Protecting Confidential Information

  1. Handle private documents carefully. Don’t leave private documents unattended, whether you’re a nurse, lawyer, or an employee handling your company’s confidential material. Remain aware of where the materials are and who can access them. When disposing of confidential documents, do not rely on a single paper shredder, as the shredded paper can be pieced back together. Try to shuffle the documents and then process them at several paper shredders. If you tend to destroy confidential documents in bulk, contact a confidential recycling company on site.[1]
    • For example, if you’re a healthcare professional, don’t leave a patient’s medical records unattended on a cafeteria table or in a reception area.
  2. Lock file rooms, cabinets, and other storage spaces. In addition to securely storing confidential materials, ensure they’re protected from damage. For instance, irreplaceable vital documents should be stored in fireproof, waterproof safes or cabinets.[2]
    • When you leave a secure room, make sure drawers, cabinets, and doors are locked. To avoid accidental breaches, get in the habit of double checking every handle before you walk away from a storage unit or door.
  3. Use discretion when discussing confidential information. Always be aware of your surroundings whenever you talk about private information. Discuss sensitive information in a private setting, and make sure only authorized personnel are within earshot.[3]
    • When you have to confer with a colleague about a patient or client, discuss only the necessary details. Depending on your location and industry, you might be legally required to withhold or change any identifying information.
    • If a client or patient calls you, head to a private location to talk. Unless it’s an emergency, avoid discussing confidential information over the phone. Discuss scheduling issues over the phone, for example, but save sensitive information for a face-to-face conversation.[4]
  4. Protect intellectual property with confidentiality agreements. Regardless of your role or industry, you’ll most likely sign a non-disclosure agreement at some point in your professional career. Always read any contract carefully before agreeing to its terms.[5]
    • If you’re an employee, make sure you understand terms such as using your company’s intellectual property within certain bounds or not discussing operations with family and friends. Report to your manager if you need access to confidential documents.
    • If you operate a business, you’ll want to secure any confidential information you need to exchange during transactions, negotiations, and other occasions. For instance, if you’re presenting an invention to a potential investor, it’s wise to have your lawyer draft a non-disclosure agreement to ensure your intellectual property won’t be used without your consent.
Method 2 of 3:

Complying with Privacy Laws

  1. Familiarize yourself with your specific legal and ethical requirements. From healthcare professionals to educators, each profession has its own ethics codes on confidentiality. Furthermore, laws that govern confidentiality vary by location, and industries are regulated in different ways.[6]
    • While ethical and legal obligations can get complicated, not knowing them won’t be an excuse if you accidentally breach them. Your employer or professional organization should provide resources on ethical and legal compliance.
    • If you’re not sure about a situation that could lead to a potential ethical or legal pitfall, don’t do anything without doing your homework. Consult your profession’s code of ethics, look up applicable local or federal laws, get advice from a trusted colleague (without disclosing private information), or contact your professional organization.
  2. Inform clients and patients how their information is used. If you handle confidential information for a client or patient, you’re most likely ethically or legally bound to make sure they understand their privacy rights. Tell them what information is recorded, how it’s stored and for how long, and how it’s used.[7]
    • Ask them if they have any questions about how information such as medical or legal records is stored and used.
    • Additionally, inform them of the limitations of their right to privacy. For instance, if you’re a therapist, inform your patient that you’re obligated to report if they threaten to harm themselves or others.
  3. Comply with the more stringent law when 2 privacy laws interact. When 2 laws interact, 1 takes precedence over the other. In general, comply with the law that offers stricter privacy protections for a patient or client.[8]
    • Suppose you’re a psychologist in New Hampshire and you’ve received a subpoena requesting information about a patient. New Hampshire (NH) state law and the Health Insurance Portability and Accountability Act (HIPAA) both govern how providers handle patient records, but vary when it comes to disclosing patient records to legal authorities.
    • Since NH law requires a court order or patient consent, rather than a subpoena alone, it offers stricter protection than HIPAA. In this case, you’d be breaking the law if you complied with the subpoena.
  4. Discuss legal compliance with any third-party associates. Make sure any other entities that you do business with understand privacy laws that regulate your industry. Check their history of compliance, and steer clear if you find any violations in their history.[9]
    • For instance, suppose you’re a doctor or counselor running a private practice. Research all associates you hire or services you retain, including billing specialists, medical staff, insurers, labs, and internet service providers. If someone on staff or a service you use mishandles confidential information, your practice could lose its reputation and suffer legal consequences.
    • Title 13 in the United States Code mandates that all of the data collected by the Census Bureau is confidential.[10]
    • The Census Bureau is subject to all kinds of legal restrictions, so it cannot share the data.[11]
    • But there are no restrictions for Facebook and Google. They can share their data.[12]
  5. Obey mandatory reporting laws. Sometimes, you’re legally obligated to disclose information that would otherwise be confidential. For instance, if you’re a healthcare professional, you’re required to contact the authorities if a patient tells you they plan on harming themselves or others. Failure to do so could land you in legal trouble and jeopardize your professional certification.[13]
    • Additionally, patient or client records might be requested by subpoena, court order, or warrant. If necessary, disclose only the information specified in the legal demand. For instance, if a court order requests information about a specific injury, don’t disclose records about an illness they had as a child.
    • Keep in mind that attorney-client privilege takes precedence over legal demands, such as a discovery request or an order for a lawyer to testify under oath.[14]
Method 3 of 3:

Securing Electronic Information

  1. Install and update antivirus and anti-malware software. The first step to safeguarding electronic data is to keep your antivirus software updated. If it’s not updated, you’re not protected from the latest online threats.[15]
    • Additionally, make sure you and anyone you work with use the internet safely. For instance, don’t click on suspicious links or open email attachments from unknown senders.
  2. Position screens that display personal information strategically. More data is compromised due to shoulder surfing than computer viruses, but it’s an often overlooked aspect of cybersecurity.[16] Make sure monitors, computer screens, and other devices that display confidential information are visible only to authorized personnel.[17]
    • For example, if you own a small restaurant, don’t leave your laptop open on the bar with your financial information visible. If you’re a doctor, make sure patients can’t see screens that display personal information from the waiting area or reception desk.
    • It’s also wise to use privacy screen savers and password-protected lock screens.
  3. Verify a recipient’s information before sending private documents. Always make sure you’ve correctly entered an email address or fax number before sending any documents that contain sensitive information. If you think you might have a letter or number wrong, call the recipient to verify their contact information.[18]
    • Additionally, review your industry’s code of ethics and local laws to make sure you’re allowed to send a given confidential document.
  4. Encrypt private electronic data whenever possible. Even if you’re not legally required to encrypt electronic data and communications, you should still consider it. Look into hiring an IT security specialist to develop a secure portal through which you can communicate with patients or clients.[19]
    • If you’re a member of a professional organization, they might partner with a company that specializes in secure communications for your industry. You might be able to hire that company at a discounted rate.

About This Article

Co-authored by: Matthew Snipp, PhD, Research Fellow, U.S. Bureau of the Census
This article was co-authored by Matthew Snipp, PhD. C. Matthew Snipp is the Burnet C. and Mildred Finley Wohlford Professor of Humanities and Sciences in the Department of Sociology at Stanford University. He is also the Director for the Institute for Research in the Social Science’s Secure Data Center. He has been a Research Fellow at the U.S. Bureau of the Census and a Fellow at the Center for Advanced Study in the Behavioral Sciences. He has published 3 books and over 70 articles and book chapters on demography, economic development, poverty and unemployment. He is also currently serving on the National Institute of Child Health and Development’s Population Science Subcommittee. He holds a Ph.D. in Sociology from the University of Wisconsin—Madison. This article has been viewed 93,195 times.
Updated: May 30, 2022