Safeguarding Confidential Information is not just a HIPAA Obligation
Throughout your career you may be asked questions about your job duties and about the organization you work for. Think about conversations you may have outside the workplace such as a conversation over lunch with friends from an organization other than the one you are employed for. What if one of your friends asks you questions about your current job duties, and what it is your organization does. What information would you share? Should you only be concerned with HIPAA obligations?
Trade Secrets – personal, proprietary, and/or confidential information
An organization's proprietary information is also known as a trade secret. Your organization may have proprietary information, or trade secrets, they wish to keep confidential. For information to be considered proprietary organizations must treat it as confidential. Under the Uniform Trade Secrets Act, a trade secret is:
- "Information, including a formula, pattern, compilation, program, device, method, technique or process,
- That derives independent economic value, actual or potential, from not being generally known to or readily ascertainable through appropriate means by other persons who might obtain economic value from its disclosure or use; and
- Is the subjects of efforts that are reasonable under the circumstance to maintain its secrecy."
As an employee, you may create, discover, use, access, or receive personal, proprietary, and/or confidential information during your employment. Your obligation to safeguard all confidential information extends to all situations in which you may collect, access, use, maintain, transport, or disclose such information including when you're away from work or working remotely.
As part of your employment you may be required to sign a statement in an employee handbook or a confidentiality form when you start work. The confidentiality agreement says that you as an employee acknowledge that violations of office policies may lead to disciplinary actions up to and including termination. By signing the confidentiality agreement you not only have an obligation to safeguard protected health information; you have an obligation to safeguard your organization's personal, proprietary, and confidential information.
In the scenario above, if you are asked about your job duties and what your organization does it would be best to respond with answers that can be found in public sources. For example, a nurse for an Orthopaedic clinic may respond with:
Thank you for asking about my career. I enjoy being a nurse at "Some Name" Orthopaedic Clinic. My job is to provide top notch patient care to the patients I care for. If you are interested in more information about our organization, may I suggest checking out our website.
Unless previously permitted by your employer, responding with a general statement such as the one above ensures you have taken care of your obligation to safeguard all confidential information in all situations. We recommend not disclosing information about your organization's products, services, methods, systems, company plans, and information about the company's current, former, and prospective employees, patients, or vendors. There is a possibility the information could end up being misused or illegally appropriated.
Be sure to check out the Tip of the Week for instructions on downloading and customizing the Confidentiality and Non-Disclosure Agreement.
If you have any questions about safeguarding confidential information, please do not hesitate to contact one of our professional consultants.