Be Vigilant in Protecting Resident Information

HUD has established “Privacy Principles” in which the agency outlines its obligation to protect privacy and safeguard the information that individual citizens entrust to it (see HUD's Privacy Principles on p. 7). This obligation is, HUD says, a fundamental part of its mission to administer its programs fairly and efficiently.

HUD has established “Privacy Principles” in which the agency outlines its obligation to protect privacy and safeguard the information that individual citizens entrust to it (see HUD's Privacy Principles on p. 7). This obligation is, HUD says, a fundamental part of its mission to administer its programs fairly and efficiently.

It's clear that HUD takes the protection of residents' personal information seriously, says Mark Chrzanowski, trainer and compliance specialist with Indiana property management firm Gene B. Glick Co. The agency expects that site managers will take every necessary precaution to safeguard such information and that all staff members are educated to do likewise.

“You must adopt a frame of mind to keep everything about residents and households confidential,” Chrzanowski says. “In fact, a good rule of thumb for privacy is to never divulge anything—that includes whether the person is a resident or even an applicant.”

The “never divulge” rule applies even when someone asks whether a person is a resident of your site, Chrzanowski points out—or an applicant, for that matter. “The right response to that question is along the lines of, ‘I cannot confirm or deny that information’—and leave it at that,” he says.

Set the Right Tone

Much of what you should do to protect the confidentiality of resident information is common sense, Chrzanowski adds. It should be part of a culture that you create as the site manager to respect and safeguard resident privacy. Here are several tips he has for helping you set a tone that says you are serious about the matter.

Be extra attentive when accessing resident files. If you have a paper file open on your desk or an electronic file open on your computer screen and someone comes into your office, close the file promptly. This should go without saying, Chrzanowski says, but it's a common issue.

“The person who comes in could easily see the information, inadvertently or not,” he says. “The person may have paperwork of his own that he places on your desk on top of the open resident file. When he gathers his papers to go, he could accidentally take a paper from the file. It happens.”

Chrzanowski says regardless of whether the person is another staff member, another resident, or a vendor, resident data should be kept from his view.

“And you should work on only one file at a time,” he cautions, “especially with paper files. With multiple files spread out on your desk, it would be easy for papers to wind up in the wrong file.”

Secure all resident information. HUD assumes you have appropriate security measures in place, Chrzanowski notes. For example, paper files are kept in a locked cabinet in a secure office or area. Electronic files are accessed only by a secure password. If your compliance software is Web-based and you transmit voucher and tenant data electronically, take reasonable safety precautions.

“Don't write your user name and password on a Post-It Note and place it by your computer screen,” he stresses. “And don't save your password on your computer.”

Chrzanowski cautions against keeping resident information on a laptop, especially one that you would carry in and out of your office, and take home. There's more risk of it being taken and no real reason for the resident information to be maintained there, he says.

Don't discuss resident matters with other people. This means with others in your office who have no need to know, as well as outside your office, with friends or family.

“For example, don't go to lunch with a friend and talk about a resident,” Chrzanowski says. “Even if you don't use a name or use only a first name, you've put yourself in a potentially serious situation of breaching confidentiality.”

Limit office staff's access to resident information. “Certainly others need access in case the site manager is not there,” Chrzanowski says, “but that access should be limited.”

Educate staff. Emphasize the importance of respecting resident privacy and maintaining confidentiality. “Simply tell them it's part of the program; it's the way we work here,” Chrzanowski says. “We do not talk about our residents.”

Train your staff to always be aware of who's around them when they are going about their work. Don't get caught up in a conversation with one resident about another resident. Maintenance staff, for instance, can find themselves in this kind of situation, Chrzanowski says, because they are in and out of many units.

“You have a maintenance guy who gets friendly with a resident. He thinks he's sharing something with a buddy. That's the kind of thing your staff needs to be educated to avoid,” he says.

Confidentiality Connects to Liability

The bottom line on maintaining confidentiality of resident information is that it is the right thing to do. Equally important is the fact that failure to do so could put you in a bad position, explains Chrzanowski. If resident information is revealed and the resident is harmed as a result, you could be held liable.

“Resident files contain very sensitive information,” he says. “Obviously there are Social Security numbers, birthdates, verification of income, amount of assets. But there also could be information about a disability, medications, pharmacy printouts, or a doctor's name.

“Consider what could happen if others see that information,” he continues. “They see a doctor's name, and they know that doctor is a psychiatrist. Or they see an amount of assets…they don't know what the resident's assets are, but still they know that he or she has assets. They could spread that information, and the resident could be harmed as a result. It's your job to make sure that does not happen.”

Insider Source

Mark Chrzanowski: Compliance Specialist, Gene B. Glick Co., 8425 Woodfield Crossing, Ste. 300W, Indianapolis, IN 46240; (317) 469-5885;


HUD's Privacy Principles

HUD's Privacy Principles state that:

  • Protecting individual privacy and safeguarding confidential information are a public trust.

  • No information will be collected or used that is not necessary and relevant for the administration of HUD's program, and other legally mandated or authorized purposes.

  • Information will be collected, to the greatest extent practicable, directly from the individual to whom it relates.

  • Information about individuals collected from third parties will be verified to the greatest extent practicable with the individuals themselves before any adverse action is taken against them.

  • Personally identifiable information will be used only for the purpose for which it was collected, unless other uses are specifically authorized or mandated by law.

  • Individual information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside of HUD other than as authorized by law and in the performance of official duties.

  • Unauthorized access to individual information constitutes a serious breach of the confidentiality of that information and will not be tolerated.

  • Requirements governing the accuracy, reliability, completeness, and timeliness of individual information will ensure fair treatment of all individuals.

  • The privacy rights of individuals will be respected at all times and every individual will be treated honestly, fairly, and respectfully.


Search Our Web Site by Key Words: Privacy Principles; confidentiality; liability