There is often confusion about what information you can share out loud, via email, via social media or in documents at the workplace. Saying a simple “Congrats on the pregnancy” on someone’s Facebook page may seem like a normal thing to do, but think twice! Even if you have internal Human Resources with your own rulebook, you can forget from time to time what is and is not acceptable to do or say.

If you work in a business environment that’s more laid-back and may not have many rules, be sure to read through these 3 basic rules your business should use to help keep information secure. Even the acronym is easy to remember – “CIA”!
1. Confidentiality - means that data or information is not made available or disclosed to unauthorized persons or processes.
Have someone of authority be the go-to person for controlling data destruction and shredding decisions. Do not make the decision on your own. When in doubt, check it out!
2. Integrity - means that data or information has not been altered or destroyed in an unauthorized manner.
Did you throw away a USB with business information on it instead of checking with your boss first on how to safely destroy it? How about “shredding” a 6-month-old report in your own recycle bin when you know you have ongoing shredding in a secure bin or console down the hall?
Always check with your boss to make sure you understand the protocols, and follow the data-destruction rules, or else the exception to the rule you made may cost you.
3. Availability - means that data or information is accessible and useable upon demand only by an authorized person.
If you don’t have internal Human Resources, make sure employees’ personal files aren’t in a shared filing cabinet. Keep them locked up with the highest person of authority, in that person’s office only.
Sources:
1. Rule definitions taken from UNC’s HIPAA Rulebook
2. Image from Flickr user nikcname under the CC License