York County, PA Confidentiality Policy

The purpose of this policy is to define the County of York's expectation that employees will maintain the privacy and security of confidential information obtained in the course of employment.

County of York employees shall maintain the privacy and security of confidential information created, used, maintained or learned in any manner in the course of employment. County employees are prohibited from disclosing or discussing with a third party any confidential information unless County business reasons make it necessary; the use or disclosure of protected health information as defined by HIPAA is permitted or required as described in the County's Notices of Privacy Practices; or there is a written court order for the disclosure. The responsibility for confidentiality extends outside York County offices and property, outside of normal work hours and continues after the end of employment with the County.

As used in this article, the following terms shall have the meanings indicated:

BUSINESS REASONS

Necessary for the effective functioning of a department, agency or business operation to accomplish its business purpose.

CONFIDENTIAL

Kept or held as secret.

FORMAT

The manner in which information is maintained such as oral, written or electronic.

HIPAA

The Health Insurance Portability and Accountability Act of 1996.

PRIVATE

Kept from others; not for public use or participation.

PROTECTED HEALTH INFORMATION (PHI)

Individually identifiable past, present and future physical and mental health information in any format.

SECURE

To keep safe and free from harm, risk or loss.

THIRD PARTY

Any person or party other than the employee, including another employee.

A.

General.

(1)

County employees may have access to information regarding confidential matters, including business affairs and protected health information, of other employees or of persons utilizing County and Court services.

(2)

Confidential information of the community, the general public and coworkers must be kept private.

(3)

Confidential information must not be disclosed to or discussed with any third party, including another employee, unless there is a business reason to do so.

(4)

Confidential information must also be kept secure so as to protect the information from harm, including, but not limited to, loss, theft, damage, or alteration. Security measures include physical safeguards, such as locking file cabinets, and electronic safeguards such as passwords.

(5)

Confidential information may be stored on devices such as laptops, flash drives, handheld devices and/or other data-storage devices that will be used for business purposes away from York County government property.

(a)

No employee shall remove data containing personal information of York County employees without first receiving permission from the employee's immediate supervisor.

(b)

All reasonable steps shall be taken to assure the security and confidentiality of information of all devices and information physically removed from York County government property.

(c)

Any employee who intentionally or unintentionally misplaces, loses or otherwise permits a release of the personal information of York County employees or residents stored on said devices shall immediately notify the York County Security Officer. The Security Officer can be reached by calling the Information Services Department at 717/771-9762 and/or by e-mail to GSMcCoy@york-county.org.

(6)

The obligation to maintain the confidentiality of information exists even after the employee leaves the employ of the County.

(7)

Violation of this policy may result in discipline including, but not limited to, termination of employment.

B.

Court proceedings. All employees involved in any capacity with Court proceedings are prohibited from disclosing any information related to pending or ongoing criminal or civil cases, whether acquired at a formal or informal proceeding, unless:

(1)

The disclosure is ordered or authorized by the Court; or

(2)

The employee is a participant in the case and there is a necessary business reason to disclose it; or

(3)

The information is part of the public record and there is a necessary business reason to disclose it.

C.

Protected health information (PHI).

(1)

Employees who work in areas of the County that are required to comply with the regulations of HIPAA shall maintain the privacy and security of the PHI of residents, clients and customers.

(2)

Protected health information may only be used and disclosed as described in the County's Notices of Privacy Practices for health information.

(3)

All PHI will be kept confidential, private and secure in accordance with the requirements of HIPAA.

(4)

Employees should contact their elected official, Executive Director or Director, or the County's HIPAA Coordinator, with any questions concerning the applicability of HIPAA regulations.

D.

Employee/employee family confidential information.

(1)

Employees utilizing County services.

(a)

Employees and members of employee families may also utilize the services of the County as residents of the Nursing Home, clients and customers of other County departments and agencies or as participants in Court proceedings.

(b)

Confidential information concerning employees and/or their family members must be handled with the same privacy and security as is the confidential information of all citizens utilizing County services.

(2)

Employee personnel information.

(a)

Confidential information concerning employees and/or employee family members may be obtained and/or utilized for personnel reasons and actions, such as to process requests for employee leaves of absence.

(b)

Employees who create, use or maintain confidential information concerning employees and/or employee family members for personnel reasons and actions must maintain the privacy and security of this information.

E.

Confidentiality agreements.

(1)

All employees affirm their commitment to the County's Confidentiality Policy, summarized in the Employee Handbook, by signing the acknowledgment of receipt for the handbook and for any updates.

(2)

Employees who request use of the County's computer system must sign an acknowledgment that they have read and understand the York County Computer Security Policy and the Pennsylvania Crime Code Information Regarding Punishment for Any Breach of Computer Security before a computer password and access to the system will be granted.

Employees who violate the County's Confidentiality Policy may be subject to disciplinary action as described in the Employee Handbook.