Purpose
To establish comprehensive guidelines for maintaining the confidentiality and security of participant and client information while ensuring compliance with NBCC standards and data protection regulations. This policy outlines procedures for secure record maintenance, confidentiality preservation, breach response, and appropriate handling of participant and client information in continuing education programs.
Guidelines
1. Confidentiality and Information Protection
• All participant and program-related records are confidential and accessible only by authorized personnel.
• Participant information sharing requires explicit consent, except for NBCC audits or legal obligations.
• Client information discussed in CE programs must be anonymized or accompanied by explicit, documented consent.
2. Record Maintenance and Storage
• Retain all program records for a minimum of five (5) years.
• Store physical records in locked, access-controlled locations.
• Secure digital records with encryption and role-based access controls, implementing regular backups.
3. Required Program Documentation
Maintain the following for each NBCC credit program:
• Complete participant rosters.
• Presenter information, qualifications, and descriptions of presented content.
• Program content descriptions and materials.
• Participant evaluations.
• Marketing and promotional materials.
• Program agendas and distributed materials, including learning objectives.
4. Data Collection and Usage
• Collect only essential information needed for program administration.
• Use data solely for authorized purposes, such as program management or NBCC audits.
• Remove personal identifiers from evaluation summaries when shared internally or externally.
• Obtain explicit consent for any additional data usage beyond its original purpose.
5. Client Information in Training Materials
• Prohibition on Identifiable Information:
  • No identifiable client information should be included unless explicit, written consent is obtained.
• Use of Anonymized Examples:
  • Presenters must anonymize or use composites of client scenarios.
• Informed Consent Requirements:
  • Consent must detail the purpose, method of presentation, and the client’s right to withdraw consent.
• Documentation Standards:
  • Include disclosure statements in program materials and maintain copies of all consent forms.
6. Security Measures
• Implement multi-factor authentication for all digital systems.
• Conduct regular security audits and maintain access logs.
• Provide confidentiality and security training for staff and presenters.
7. Breach Response Protocol
• Immediately assess and contain any data breaches.
• Notify affected participants promptly and provide corrective actions.
• Document incidents and update protocols to prevent recurrence.
Procedures
1. Access Control
• Assign role-specific permissions to authorized personnel.
• Regularly review and update access rights.
• Maintain detailed logs of access to physical and digital records.
2. Document Management
• Implement a consistent filing system for physical and digital records.
• Regularly audit stored records to ensure compliance.
• Maintain backup copies of critical documents securely.
3. Secure Disposal
• Shred physical documents after the five-year retention period.
• Permanently delete digital records using secure methods to ensure no recoverable data remains.
• Document all disposal activities.
4. Monitoring and Compliance
• Conduct annual reviews of storage systems, procedures, and security practices.
• Update confidentiality protocols based on audit findings or changes in NBCC standards.
5. Staff Training
• Provide annual training on confidentiality protocols, data security measures, and breach response procedures.
• Document all training activities for recordkeeping.
6. Client Information in Training Materials
• Review Program Materials:
  • Presenters submit all materials for review prior to the program.
• Obtain and Document Consent:
  • Collect and verify informed consent forms for identifiable client information.
• Disclosure Statement Requirement:
  • Ensure materials include statements specifying anonymization or consent where applicable.
• Monitoring During Presentations:
  • Designated staff observe live programs to ensure compliance with confidentiality standards.
7. Incident Management
• Investigate potential breaches promptly and provide resolutions within 30 days.
• Notify participants, implement corrective measures, and document outcomes.
Contact Information
For questions or concerns related to record keeping and confidentiality, contact:
Adler Academy of Minnesota
Email: [email protected]
Website: https://www.adleracademy.org
v1.0