Operations and Contact Center Policy Adopted: May 2010 Updated: May 2021
This operating policy applies to the collection, use and sharing of personal information about callers or employees. It also applies to any information collected at the agency website.
Health Insurance Portability and Accountability Act (HIPAA)
Following are HIPAA Defined Protected Health Information Elements, provided by the Florida Department of Children & Families. Gray highlighted elements are not collected by 211 Brevard. The remaining elements may be collected.
- Street Address
- Zipcode (5 digit)
- Zipcode (3 digit)
Admission date Discharge date Date of death
- Ages over 89
- Telephone numbers
- Fax numbers
- Electronic mail addresses
- Social security numbers
Medical record numbers Health plan beneficiary numbers Account numbers Certificate/license numbers Vehicle identifiers and serial number, including license plate numbers Device identifiers and serial numbers Web Universal Resource Locators (URLs) Internet protocol (IP) address numbers Biometric identifiers, including voice and finger prints Full face photographic images and any comparable images
Florida Information Protection Act (FIPA)
FIPA Defined Protected Employee/Client Information Elements: (in addition to HIPPA)
An individual’s first name or first initial combined with the individual’s last name in combination with one or more of the following:
- Social security number;
- Driver’s license or identification card number, passport number, military ID number, or other similar government-issued ID;
- Financial account number or credit or debit card number combined with the required security code;
- Any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
- An individual’s health insurance policy number or subscriber identification number, along with any unique identifier used by a health insurer to identify the individual.
- A user name or email address, in combination with a password or security question and answer.
- It is important to note that personal information does not include information that is encrypted, secured, or modified by any other method or technology that removes elements that personally identify an individual or that otherwise renders the information unusable.
Information shared with 211 Brevard will not be disclosed to other individuals or organizations without the express permission of the affected individual except where safety is compromised, as described below under “Exceptions.”
Use of Information:
211 Brevard may collect information to document provision of services or maintain necessary personnel records. Personal, private &/or confidential information may be reviewed by appropriate staff for quality assurance purposes. Only aggregate data will be used for internal and external reporting purposes.
All Caller, Contact, Client, Personnel & Volunteer Records
- Staff will be assigned appropriate access levels to records according to position and need for information. Access to electronic records will be controlled by user id and password; printed information will be maintained in locked files. Records will be maintained and destroyed in accordance with record retention policy.
- Caller, Contact & Client information will be released as aggregate data unless specific permission is provided authorizing individual information to be shared
- No caller/client/contact/agency can be transferred onto external devices (e.g. flash drive) unless files are encrypted and/or password protected.
2-1-1 Helpline Callers
- No more information will be collected than required to provide the appropriate referral.
- Printed data (to be faxed or reviewed by supervisor) will be placed in secure shredding cabinets after use.
- If caller information is to be shared with other agencies (for referral, advocacy, or application to Long Term Recovery or similar programs), caller’s verbal permission must be obtained and this must be documented in the appropriate Service Point checkbox.
- Contact screens are to be closed when complete or when incomplete and staff are away from workstation.
Homeless Management Information System
- Only trained and authorized users will have access to the HMIS
- Any use of the HMIS (in conjunction with Long-Term Recovery or similar services) will be done in compliance with all HMIS user and privacy policies.
- HMIS access & record security meets all security criteria established by HUD.
Employee, Board Member or Volunteer Information
- The agency will only collect and maintain personal information as required by law or worker’s compensation, unemployment or similar claims.
- Personal information will be maintained in password-protected files or locked file cabinets. Access will be controlled by the Executive Director and limited to those persons with need for access (e.g., agency accountant, auditor, etc.)
- If an individual is assessed at imminent risk of hurting him/herself or someone else, or reports having harmed or planning to harm him/herself or someone else, 211 Brevard will notify law enforcement, other individuals or organizations as needed in order to keep people safe.
- Call recordings, client records & personnel information are only shared outside the agency by court order
Information collected at 211brevard.org
Any information collected is used for internal purposes only and will NOT be disclosed without permission or sold to a third party.
Amendments to Policy
This policy may be amended by a majority vote of the Board of Directors.
Right to Notice
This notice will be posted on the agency’s website & a printed copy is available upon request.