Policies and Procedures
The best way that a sexual assault crisis and victim services center can ensure that confidentiality is maintained is by establishing comprehensive written policies and procedures that are distributed to, discussed with, and understood by staff, volunteers, and board members; given and explained to victims; and annually reviewed and updated by board members and executive staff.
A comprehensive confidentiality policy should include the following:
- Confidentiality policy statement.
- Exceptions to the policy.
- Procedures for notifying victims of the policy.
- Procedures for ensuring compliance with the policy.
- Procedures for collecting, storing, and disposing of records.
- Procedures for ensuring that victims have given informed consent, preferably in writing, when waiving their right to confidentiality.
- Confidentiality for support groups.
- Procedures for providing confidential services to minors.
- Procedures for internal communications and supervision.
- Procedures for responding to subpoenas.
The center should have clear and comprehensive written procedures and protocols on file to ensure the consistent application of its confidentiality policy.
A confidentiality agreement should be signed by all staff, volunteers, student interns, and board members. The confidentiality agreement should include the printed name of the individual, the date, and the individual's signature, which should be witnessed by at least one other person. The confidentiality agreement also should state, minimally: the center's confidentiality policy; exceptions to that policy; the consequences of violating confidentiality policies (such as serious disciplinary action or termination); and, for dual sexual assault and domestic violence shelter programs, an assurance that the individual will not disclose the location of the shelter. The confidentiality agreement should be signed prior to beginning work with the center (for example, as part of orientation). The original signed agreement should be kept in the employee's or volunteer's personnel file or a similar file, and the individual who has signed the agreement should receive a copy.
Sexual assault crisis and victim service centers should also have a policy for recordkeeping and security of program records. Victim records should be minimal, containing only information that is necessary to provide the services being sought by the victim.
Victim files should not include the following:
- A victim's verbatim statements.
- Clinical diagnoses, speculations, or any medical information.
- Notes, memos, or internal communications from volunteers or other staff regarding the victim.
- Diaries or personal notes kept by the victim.
- Information from other sources (such as medical records or police reports).
A center can further protect the security of victim information by keeping records in locked file cabinets or drawers that are only accessible to certified sexual assault counselors. Access to victim records by auditors, funders, or government oversight agencies should be limited to aggregate data and nonidentifying victim information; personally identifiable information can be redacted from copies of records if needed. A center should destroy old records in a timely manner to ensure that no confidential information is disclosed and should establish a means for the proper destruction of victim-related material on computer backup media.