Directors have the ultimate responsibility and privilege of keeping records in a way that protects client information, maintains confidentiality, collects the information required by funders, and protects the program from liability.
What? The bare necessities.
Directors make sure that clients are in charge of how and when their information is shared. Documentation should be minimal and focus on factual information such as services provided. Program statistics should be non-personally identifiable aggregate data. Decide what information the program will gather, what to keep, and for how exactly how long.
Where? Lock it up.
Records should be kept in a locked file with access limited to pertinent staff. Decide who can access records for what purposes and communicate that clearly with staff.
When? Only when a client says so.
Directors provide guidance to staff on the proper timeframes for collecting, recording, and shredding client information. Directors ensure that the program is adhering to proper timeframes related to release of information expiration dates, length of time for storing client records, submission of statistical data required by funders, and ensuring timely response to legal documents such as release of information forms and subpoenas.
How? Talk it out.
Be prepared to respond to subpoenas, warrants, and requests for information and make sure your staff knows how to refer requests to you or the designated person trained to respond to these requests. Establish a relationship with an attorney who understands domestic violence confidentiality laws. Educate funders and outside entities about confidentiality laws that protect your client’s information. Relay the advocacy values of self-determination, autonomy, and empowerment that guide our work when talking about confidentiality and record keeping.
Why? Information is powerful.
Federal and state laws protect survivor information, and advocates and programs could be liable for releasing information. Client records contain personal information that could impact safety. Client information belongs to the client, not the program. Assuring that the client determines what information is shared, and to whom, is central to client safety, autonomy, and self-determination. Keeping minimal records may prevent detailed and sensitive information from being shared if the program is forced to share client records with an outside entity.
Staff may be required to release information without a client’s written permission.
- In the event of a court order, after a judge privately reviews the records to determine their relevance. It’s best to seek legal counsel before releasing records in response to court orders and subpoenas.
- If the program suspects child abuse or neglect, you are required to contact Child Protective Services. Be aware that CPS may ask for the child’s relevant records. CPS does not have the right to request the parent’s records. This is a good reason to keep separate files for parents and children.
- If the program knows there is potential suicidal behavior or threat of harm to others that is likely to result in a clear, imminent risk of serious physical injury or death to themselves or another person.
Preparing your program to protect records
- Create clear policies and procedures on record keeping
- Designate who is in charge of destroying client records and how often they do it
- Create a plan if someone wants to serve a subpoena or law enforcement demands information or records. You and/or a designated person have the information needed to protect client records.
- Establish a relationship with an attorney who understands domestic violence confidentiality laws
- Train staff on what to do when an outside party requests information or records
For more detailed information, check out our Confidentiality resources.