You hear about these types of incidents fairly often, and it should be a concern for all of us. Problems with confidentiality often occur where you least expect it – people just being sociable. It is easy for employees to slip when they talk about what they are working on to a co-worker, a spouse, or to someone in the lunch room.

A company's computer system is hacked, and employees' private information is stolen. Or consumers' confidential financial data is compromised when a credit card company discards an outdated computer. Or taxpayer's names, addresses, and social security numbers are potentially jeopardized when a government computer is stolen.

You hear about these types of incidents fairly often, and it should be a concern for all of us. And it's more than just electronic files that we must worry about. Problems with confidentiality often occur where you least expect it - people just being sociable. It is easy for employees to slip when they talk about what they are working on to a co-worker, a spouse, or to someone in the lunch room.

Under HIPAA, employers have responsibilities for securing "protected health information." A pharmaceutical company was sued after an employee found a box of old personnel records in a closet and used the information to open 25 credit card accounts. The company had failed to keep the confidential information secure.

And it's more than just electronic files that we must worry about. A pharmaceutical company was sued after an employee found a box of old personnel records in a closet and used the information to open 25 credit card accounts. The company had failed to keep the confidential information secure.

Organizations must understand the confidential information it holds, who has access to that information, and what must be done to protect that information.

Medical records
The Americans with Disabilities Act requires you keep applicant and employee medical information confidential and separate from the general personnel file. Medical information is to be kept secured, with access limited only to those that have a true business need for the information.

Social security numbers
Social Security numbers should be used only where they are absolutely necessary, such as on certain paperwork. Some states restrict the use and display of employees' Social Security numbers to prevent identity theft. However, some employers are still using social security numbers as employee identification numbers.

This includes supervisors who may discuss an employee's medical condition with that employee's co-workers.

I-9s
You must complete an I-9 on every employee. It's suggested that I-9s, and any sensitive background information checks, be kept separately.

How KOL can help
You have a duty to safeguard employee personal information. Impress on employees that they should not be discussing private or confidential information with anyone who does not have a business reason to know that information. This includes supervisors who may discuss an employee's medical condition with that employee's co-workers.

A folder thoughtlessly left on a manager's desk could be seen by a passing employee.

Your emphasis, when it comes to confidential information, should be to give out only what is absolutely necessary to the few people who absolutely need it.

The risk is not only identity theft, but someone in the company making decisions based on information they see – not promoting an employee to a position that requires travel if they have young children, or if an employer is older than perceived he or she might be passed over based upon age. These types of discrimination are actionable.

So you need to be aware of the need to keep information confidential. KellerOnline offers Topics on Security, Medical Recordkeeping, Social Security, and Recordkeeping. This information can assist you in reviewing your procedures to be sure that you are doing all you can to ensure employee privacy.

For more information, visit the J.J. Keller & Associates Web sites at www.jjkeller.com.