Section 14: Security Of And Access To Records Flashcards
What does the code state in terms of location of records?
Practice records must be maintained or stored at the registrants primary place of practice, and another location under the sole control of the registrant, under the control of another appointed registrant, or in a professional storage facility, obligated to provide confidential and secure storage
What three things must a registrant ensure in terms of security of records?
1) the records of all the professional services, including those of their supervise are secured, including, but not limited to buy restricting access, access to files, walking file cabinets and providing secure storage for files
2) the privacy of all client information and data is assured
3) if a professional storage facility is used, it maintains appropriate security practises
What must registration ensure when information that is required to be prepared kept or maintained under this code is prepared, kept or maintained by electronic or optical techniques?
A registrant must ensure that these techniques are designed and operated so that the information is reasonably secure from loss, tampering, interference or authorized use or access. A registration must also take all reasonable steps to ensure any electronica or optical storage is updated as necessary to ensure the information remains accessible if previous storage drudgeries become obsolete.
What is the code state in terms of handling confidential records?
A registration must maintain the confidentiality of all the records under their control in whatever form they are maintained, and at all times, including while they are being created, stored disposed of access or transferred
Registrants who have determined that they must produce all or any part of their practice record, and response to request or order must if this circumstance permit provide a copy of the records, rather than the original any fees, set for copying, and releasing records, must be set consistently with the code Registered contract for offsite professional copying services provided those services are minimum what three things?
Hint: C, S, A and L
1) confidential, there’s a confidential agreement between the registrant and the copying service provider
2) secure in which the documents are kept, secure and separate from the rest of the printing operations anyways, from the copying is retained and shredded
3) Accurate and legible in which services include 100% quality control page by page check of copies against the original assets services include a legibility, check for difficult to copy items, such as pencil notations and perceived errors and omissions are recorded and recorded back to the registrant
In terms of contingency planning for clients and records what two things must registrant do?
1) be in compliance with the requirements to name a professional executor
2) make plans in advance, so that confidentiality of records and data is protected in the event of the registrant death and capacity or withdrawal from the position of practice. Such plans must include consideration of all practice record locations, including institutions, and professional storage facilities, if any.
What two things must a registrant, ensure when, leaving the college, such as when retiring?
1) each client record for which they have primary responsibility is transferred to another registrant whose identity is made known to the client the institution or the project under whose auspices the psychological services were provided
2) his client for whom they have primary responsibility is notified in a timely fashion that the registrant intends to resign, and that the client can obtain copies of the client on record or have copies provided to such persons as a client may direct
What six things must a registrant do who is employed in a multidisciplinary setting, where a common filing system is used?
1) exercise, appropriate care, when placing information in common file in order to ensure that their opinions reports findings and recommendations are not misunderstood by members of other disciplines
2) work with their employer, were appropriate to develop written policies and procedures that ensure the maintenance storage and access to all practice records and psychology files with both privacy legislation, and with the registrants responsibilities under this code
3) educate others in the workplace regarding the privacy and confidentiality of the clients , with regard to psychology practice records under this code, and under privacy legislation, and require some form of confidentiality agreement for others in the workplace who may come in contact with psychology practice records as appropriate
4) establish policies and procedures for handling copying and destroying psychology practice records for protecting the confidentiality of psychology, practice records, and for ensuring there’s a succession plan in the event of the registrants death in capacity, resignation, transition or withdraw from employment
5) prior to seeing clients clarify, if and how record-keeping policies and procedures of the publicly funded or multidisciplinary, setting impact on the confidentiality of clients and review this information with clients as part of obtaining their informed consent to provide services
6) assume responsibility for the appropriate management of any psychological test being purchased under the name and qualifications of the registrant, including by ensuring written policies and procedures, exist for the storage and handling of these materials accordance with contractual obligations to the test publisher, the code of conduct and privacy and legislation, and sharing that these policies and procedures, taken into account future changes in psychology staffing and educating others in the workplace about the proper maintenance and storage of test, materials and test results
What must a registrant do if confidential information concerning clients is to be entered into a database or system of recordkeeping, which is available to persons whose access has not been authorized by the client?
A registrant must use coding or other techniques to avoid the inclusion of personal identifiers
What must a registrant do if a research protocol approved by an institutional review board or similar body requires the inclusion of personal identifiers?
A registered must ensure that those identifiers are deleted before the information is made accessible to person other than those who the client has authorized access to
If a registrant is not able to delete personal information from a client records, then the registrant must take steps to determine the appropriate consent of personally identifiable individuals has been obtained before what two things?
1) the data is transferred to others
2) they review the data collected by others
Recognizing that ownership of records and data is covered by legal principles what must registration do?
A registrant must take reasonable and lawful steps to ensure that records and data remain available to the extent needed to serve the best interest of clients, research, participants and appropriate others
