9.4.1.3: Written Policy on Confidentiality of Records

The facility should establish and follow a written policy on confidentiality of the records of staff and children that ensures that the facility will not disclose material in the records (including conference reports, service plans, immunization records, and follow-up reports) without the written consent of parents/guardians for children, or of staff for themselves. Consent forms should be in the native language of the parents/guardians, whenever possible, and communicated to them in their normal mode of communication. Foreign language interpreters should be used whenever possible to inform parents/guardians about their confidentiality rights. At the time when facilities obtain prior, informed consent from parents/guardians for release of records, caregivers/teachers should inform parents/guardians who may be looking at the records (e.g., child care health consultants, mental health consultants, and specialized agencies providing services).

Written releases should be obtained from the child’s parent/guardian prior to forwarding or sharing information and/or the child’s records to other service providers. The content of the written procedures for protecting the confidentiality of medical and social information should be consistent with federal, state, and local guidelines and regulations and should be taught to caregivers/teachers. Confidential medical information pertinent to safe care of the child should be provided to facilities within the guidelines of state or local public health regulations. However, under all circumstances, confidentiality about the child’s medical condition and the family’s status should be preserved unless such information is released at the written request of the family, except in cases where child maltreatment is a concern or to determine compliance with licensing regulations. In such cases, state laws and regulations apply.

The director of the facility should decide who among the staff may have confidential information shared with them. Clearly, this decision must be made selectively, and all caregivers/teachers should be taught the basic principles of all individuals’ rights to confidentiality. Caregivers/teachers should not disclose or discuss personal information regarding children and their families with any unauthorized person. Confidential information should be seen by and discussed only with staff members who need the information in order to provide services. Caregivers/teachers should not discuss confidential information about families in the presence of others in the facility.

Procedures should be developed and a method established to ensure accountability and to ensure that the exchange is being carried out. The child’s record should be available to the parents/guardians for inspection at all times.

If other children are mentioned in a child’s record that is authorized for release, the confidentiality of those children should be maintained. The record should be edited to remove any information that could identify another child.

Caregivers/teachers should not disclose or discuss personal information regarding children and their families with any unauthorized person. Confidential information should be seen by and discussed only with staff members who need the information in order to provide services. Caregivers/teachers should not discuss confidential information about families in the presence of others in the facility.

RATIONALE

Confidentiality must be maintained to protect the child and family and is defined by law (1). Serving children and families involves significant facility responsibilities in obtaining, maintaining, and sharing confidential information. Each caregiver/teacher must respect the confidentiality of information pertaining to all families, staff, and volunteers served (2).

Someone in each facility must be authorized to make decisions about the sharing of confidential information, and the director is the logical choice. The decision about sharing information must also involve the parent/guardian(s). Sharing of confidential information should be selective and should be based on a need-to-know and on the parent’s/guardian’s authorization for disclosure of such information (3).

Requiring written releases ensures confidentiality. Continuity of care and information is invaluable during childhood when growth and development are rapidly changing. Providing consent forms in the native language of the parents/guardians and providing an interpreter to explain the confidentiality policy and procedures helps to insure that the signed consent is informed consent.

The California Childcare Health Program developed with the Child Care Law Center, “Consent for Exchange of Information Form” that can be viewed at: http://ucsfchildcarehealth.org/pdfs/forms/CForm_ExchangeofInfo.pdf.

COMMENTS

Parental trust in the caregiver is the key to the caregiver’s ability to work toward health promotion and to obtain needed information to use in decision making and planning for the child’s best interest. Assurance of confidentiality fosters this trust. When custody has been awarded to only one parent, access to records must be limited to the custodial parent. In cases of disputed access, the facility may need to request that the parents/guardians supply a copy of the court document that defines parental rights. Operational control to accommodate the health and safety of individual children requires basic information regarding each child in care.

Release formats may vary from state to state and within facilities. User friendly forms furnished for all caregivers/teachers may facilitate the exchange of information.

TYPE OF FACILITY

Center, Early Head Start, Head Start, Large Family Child Care Home, Small Family Child Care Home

RELATED STANDARDS

9.4.2.8 Release of Child’s Records

REFERENCES

1. U.S. Congress. 1974. Family Educational Rights and Privacy Act (FERPA). 20 USC Sec 1232.
2. U.S. Department of Health and Human Services (DHHS), Office for Civil Rights. HIPAA administrative simplification statute and rules. Washington, DC: DHHS. http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html.
3. U.S. Department of Education. FERPA regulations. http://www2.ed.gov/policy/gen/reg/ferpa/.