Maintaining clients over time often involves communication within treatment teams.
Q: Is consent assumed in workplace communication, allowing colleagues to discuss a case?
The key concept to remember is that the data belongs to the organization that has collected it. The organization is responsible for maintaining the confidentiality of the information.
Specific levels of consent are assumed in workplace discussions between colleagues. This is tied to the role and responsibilities of the employee. People working within an organization have access to the internal data that is appropriate for their security clearance level. They are allowed to have case discussions with others that have similar roles and responsibilities.
Organizations are required to have safeguards in place so that people who don't have security clearance cannot access the information. Leaving a confidential file on top of a desk overnight would be inappropriate because the cleaning staff would be able to read that file. Similarly, having a case discussion in a public cafeteria or elevator would be inappropriate. Security badges, locked doors and passwords are all examples of safeguards that protect the privacy of clients.
Q: Should supervisors or students be able to observe telepractice sessions in a clandestine way, without their participation being obvious to the client or clinician?
Sometimes a clandestine observation is better than an interruption which derails the session. Your policy regarding observations should be explained at the beginning. It should be part of the informed consent. ZOOM Cloud Meetings offers this for agency accounts, but not individual accounts.
Q: Can my coworkers see my clinical notes?
Yes, many workplaces use some type of central, secure storage for data so that the data survives long after you are gone. If you retire or move to another job, the information about your past clients will stay with the organization.
Q: My workplace has a VPN which I use when I work from home. What is that?
Here are some definitions that you should know:
Intranet: An intranet is a private LAN accessible only to an organization’s staff. Intranets can act as communication hubs for organizations. If you are an approved employee, you can store information such as clinical records, staff news and announcements centrally and your co-workers will be able to access the information at any time.
Intranet versus Internet: There is one major distinction between an intranet and the Internet: The Internet is an open, public space, while an intranet is designed to be a private space.
Remote Access Server (RAS): A remote access server is a type of server that provides a suite of services to remotely connected users over a network or the Internet. It operates as a central server that connects remote users with an organization's internal local area network (LAN). Thus, an approved employee would be able to log into the private space without being in the building. It allows employees to work remotely.
Virtual Private Network (VPN): A VPN allows you to create a secure connection to another network over the Internet. If you are working for an agency from a remote location, your agency will want to prevent unauthorized people from being able to access the private space. A VPN encrypts everything from end to end and makes it appear as though you are in the same location as the server that you are logging into.
