resource center for smmer assised living facilities

Technology Tips For Keep ALF Records Confidential

Many small assisted living facilities don't have the benefits of large IT departments or dedicated staff making sure their data is safe.  Even with that being the case, there are a few easy tips that you can use to significantly increase the protection your data has.

Password-protect your access - Use a strong password or pass-phrase to protect access to your data. 
No one but you should know your password, don't share it with anyone. Even though it's a little harder to remember, a password shouldn't be a common word of something some one else can guess. 

  • Your dog's name may not be something anyone knows, but words are the first things hackers try. 

  • A strong password or phrase should be at least six characters in length, with uppercase and lowercase letters and punctuation marks or numbers mixed in.

  • Change your password as frequently and as conveniently as you can.

Encrypt or password protect your data - If possible, encrypt stored data. When you encrypt a file or folder, you are converting it to a format that can't be read by other people. This key (known only to you) is needed to read the file.

  • New operating systems usually provide an option to encrypt your data.  By doing so you can prevent people from looking at your data even if the physical computer is stolen. 

  • Your files can be protected by encrypting the entire hard drive or just the files you need.

  • The major drawback for this is that if the encryption key or password is lost, there is a very real possibility that the data may be lost as well.

  • Another way to protect files is password protection. This is a mid-level form of protection that should keep out all but the most determined or skilled.

From the Microsoft Website:

To password-protect a file in Word or Excel, open the document. Go to Tools > Options > Security tab. Enter your password in the Password to open box. When you click OK, you will be prompted to re-enter your password. Save your file. When you close and reopen it, you will be prompted to enter the password you chose.

If you're using Office 2007, the steps for creating a password-protected file are a little different. In either Word or Excel, click the Microsoft Office button and click Save As > Tools > General Options, type your password in the Password to open box, confirm the password, then hit OK.

Keep physical copies of data safe - Having a secure network or computer won't help if you have printed copies of sensitive documents with easy access.  Additionally, back-ups and other removable media are easy ways to obtain large quantities of data quickly.  

  • Keep people physically away from the computers and files to which they don't need access.

  • Limit transporting or transmitting confidential data if you don't need to. Sending materials by email or keeping copies of files on "flash drives" is an easy way to lose control of data either accidentally or have it stolen. 

  • If you do need to transport data, make sure it is deleted or destroyed when you don't need it any longer.

Organize Your Data - Have directories on your computer or network where you store confidential data. 

  • Don't just keep files on your desktop or put them in arbitrary locations.

  • Once you have a specific location for these files, don't network share them out or give others access to the data. 

  • Create as many of these locations as you need as different uses have different access needs.  For example, someone who might need a resident's medical records may not need a resident's financial records or vice versa.

Add a user account for each person who needs one - There is no reason to share accounts and no reason to give people access to files they don't need. 

  • If your computer is used by more than one person, create individual accounts. By doing this, everyone has their own password to log in and can only access their own saved files.

  • Other users should be given a limited account without administrative privileges.

If you have a wireless or small local area network, restrict network or shared access - Access to data should be on a "need-to-know" basis.

  • A person who just needs to check emails or create some Word documents does not need access to financial or medical records. 

  • Additionally, if you have a wireless network, make sure you limit access by encrypting the traffic and limiting access based on MAC addresses, these are settings on your wireless router. 

  • No sensitive data should ever be sent (or be accessible) via a wireless network since it can never be 100 percent secure.

Source: Legal Aid Bureau’s Maryland Legal Assistance Network, in partnership with the Senior Legal Helpline, and the Assisted Living Project  the under a grant from the Maryland Department on Aging  to the Legal Aid Bureau   

Date last reviewed (no legal content): 10/20/07 (MLAN/DD)