Client Privacy Settings on the Client level
Clarity would be so much more robust and flexible if client privacy settings were tied to the client and not the agency. Our community offers clients the ability to revoke consents. We also import data from another system so we are forced to choose between database health (client matching on) or client privacy. All of these issues would be resolved if client privacy was set at the client level vs. the agency.
Elisa Rawlinson commented
I have to agree with Joshua Kramer-Jensen!
Jennifer Allen commented
For an agency that serves regular shelter clients and then has a separate RHY funded program departments should allow for the RHY program to easily default clients created as not shared.
Karl Jenkinson commented
We have clients who come to work for us as staff. They are concerned about other staff seeing them in the database and knowing about their past. At the same time, our admin team needs to be able to find all clients when responding to legal actions such as subpeonas. They are not "computer experts", so using a spreadsheet or Direct SQL Access does not work well for them. We would like to mark a client as Private and have their PII not visible to regular staff. System Admins, and maybe Agency Managers, would have full visibility.
Noah Frigault commented
We're with an agency that provides both supportive housing and on-site case management services. It is critical that we protect sensitive information on the case management side internally, especially HIPAA-protected medical information.
Joshua Kramer-Jensen commented
To expand on this, currently, client privacy is tied to the Agency which created the client. Private clients can only be associated with one agency, and clients with data from multiple agencies cannot be changed to private. Clients with data in multiple agencies must be duplicated, which breaks cross-agency reports, as the duplicated client will show up as multiple individuals.
These issues could be resolved by a Client Privacy Setting that restricts access to a client record based on the agencies it is currently associated with.
For example, a client is enrolled with AgencyA and AgencyB, then revokes sharing permission. Enabling the proposed privacy setting for the client would cause them to be visible only to these agencies. If the client were then enrolled with AgencyC, a new client record would need to be created, as the original is not visible to AgencyC. This record could then be merged with the original, private client by an Admin, and would then only be visible to AgencyA/AgencyB/AgencyC.
Matan BenYishay commented
Or confidential programs as well!