February 22, 2012
Adult Care Homes and Facilities are required to provide security for the confidential, financial and other information of their clients and customers. It is helpful to know and understand what steps to take to keep your institution from being threatened.
Employee Management and Training
- Regularly remind all employees of your company’s policy and legal requirement to keep customer information confidential and secure.
- Limit access to customer information to employees who have a business reason to see it.
- Do background checks and check references before hiring employees who will work with confidential information.
- Ask every new employee to sign an agreement to follow your company’s confidentiality and security standards for handling customer information.
- Manage access to sensitive information by incorporating “strong” passwords that are changed frequently.
- Create policies for appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices.
- Train employees to take steps to maintain the security, confidentiality, and integrity of customer information.
- Develop policies for employees who telecommute.
- Prevent terminated employees from accessing customer information.
- Know where sensitive customer information is stored and store it securely.
- Take steps to ensure the secure transmission of customer information.
- Get rid of customer information in a secure way and in accordance with the FTC’s Disposal Rule (www.ftc.gov/os/2004/11/041118disposalfrn.pdf).
Detecting and Managing System Failures
- Monitor the websites of your software vendors and read applicable industry publications for news about emerging threats and available defenses.
- Maintain current and appropriate programs and controls to avoid unauthorized access to customer information.
- Use the correct oversight or audit procedures to detect the inappropriate disclosure or theft of customer information.
- Take steps to defend the security, confidentiality, and integrity of customer information in the event of a breach.
- Consider informing customers, law enforcement, and businesses in the event of a security breach.