Whether they're located in private homes, preschools or day care centers, child care providers have legal and ethical obligations to protect the privacy of their charges. Having a system in place to guard the confidentiality of personal, behavioral and health information helps reassure parents. Enforcing that system can avoid damaging trust in the staff, which could lead parents to withhold information affecting their child’s care.
Families provide names, addresses, birth dates and phone numbers when they enroll their children in child care. The application also may include health and employment information and Social Security numbers. All count as confidential information that child care facilities must guard to protect children and parents alike. Family circumstances such as financial problems and pending divorces, which might be revealed in conversation, also constitute confidential information to be shared among staff on as-needed basis only.
The federal Health Insurance Portability and Accountability Act, or HIPAA, applies to child-care providers. State confidentiality regulations vary, however. For example, Maine law gives children the right to confidentiality and requires childcare facilities to maintain confidentiality on any child in their care or formerly in their care. The state of Washington requires facilities to keep confidential records but doesn't regulate their disclosure, while California licensing requirements do. All states designate childcare providers as mandatory reporters of suspected abuse or neglect, according to the U.S. Department of Health and Human Services.
The 2011 National Health and Safety Performance Standards recommend that childcare operations have a confidentiality policy in writing. State law may even require child-care facilities to tell parents about their confidentiality policy. A typical policy, given to parents in a welcome handbook, explains what types of information the facility keeps in a secured file and promises that confidential information is only shared with their permission. A confidentiality policy for employees also should be created and reviewed during new hire orientation and annual performance evaluations.
Keeping a file for each child and storing files on all children under the facility's care in an area separate from the activity rooms limits access to confidential information. Files can be locked as an additional precaution, but at least one staff member present should have a key at all times in case of an emergency or an inspection. Facilities can protect confidential information found in medication logs and allergy records by designating a secure place for them that's out of sight of parents and visitors. The facility should ensure its licensing and inspection files contain no personal information about employees or children.
A child-care program's website and social media pages should not use videos or photos of any child without a parent's written permission. The sites must never reveal confidential information about staff, children or families. Anyone making comments in online discussions that reveal private information should be blocked and their messages deleted. Facilities also should take precautions to erase electronic data kept on computers and cross-shred paper documents containing confidential information upon disposal.