TRANSFER OF PERSONAL INFORMATION PROCEDURE
SECTION FOURTEEN
1. INTRODUCTION
This document has been written to support the CCGs staff with the transfer of Personal Information between organisations, allowing them to do this securely, safely and in confidence.
Following these procedures ensures that the CCGs comply with:
The Data Protection Act (1998)
The Caldicott Principles
The Requirements set out in the Confidentiality: NHS Code of Practice
Further details of the Data Protection Act and the Caldicott Principles can be found in Appendix C & G.
These procedures also underpin the following CCG policies:
Data Protection Act Policy
Information Governance Policy
These procedures apply to all CCG staff and have been adopted by the CCGs Governing Bodies.
2. SCOPE
These procedures cover all personal information processed by the CCGs, including data relating to both Staff and Patients.
The CCGs recognise the importance of correct and lawful handing of Personal Data, as specified in the Data Protection Act 1998 and these procedures support this.
3. RESPONSIBILITIES
It is the role of the CCGs Governing Bodies to define the CCG’s policy in respect to the Data Protection Act. The CCGs Governing Bodies are also responsible for ensuring that sufficient resources are provided to support the requirements of the policy.
This policy applies to all staff who handle information obtained and processed on behalf of the CCGs. These responsibilities including those in key roles are outlined in more detail in Appendix B.
4. WHAT IS PERSONAL IDENTIFIABLE INFORMATION?
Personal Identifiable Information includes (although is not limited to) such data as:
Name and date of birth
Name and address
Full name (though not usually forename or surname alone)
Full address
NHS number
Personal identifiable information does not just mean patient information; it can mean information held about staff or other people who have dealings with the CCGs. This could include:
Details of a Freedom of Information Act requester.
A complainant.
Somebody who has tendered to run a service.
5. SAFE HAVEN
A Safe Haven originally referred to the siting of fax machines within NHS organisation so that personal information could be sent securely into an NHS Trust. However this meaning has now been expanded to encompass all secure methods of transmitting or transferring personal identifiable information.
Location/security arrangements
It should be a room that is locked or accessible via a coded key pad known only to authorised staff or
The office or workspace should be sited in such a way that only authorised staff can enter that location i.e. it is not an area which is readily accessible to any member of staff who work in the same building or office, or any visitors.
If sited on the ground floor any windows should have locks on them.
The room should conform to health and safety requirements in terms of fire, safety from flood, theft or environmental damage.
Manual paper records containing person-identifiable information should be stored in locked cabinets.
Computers should be not left on view or accessible to unauthorised staff and have a secure screen saver function and be switched off when not in use.
6. COMPUTERS
Access to any computer (including computer, laptop and mobile devices, such as iPads) must be password protected; this must not be shared in any
circumstances. If access is needed to someone’s diary or email, then the IT Service Desk will be able to advise you how to do this.
Computer screens must not be left on view so members of the general public or staff who do not have a justified need to view the information can see personal data. Computers or laptops not in use should be switched off or have a secure screen saver device in use. Alternatively, the computer should be “locked”.
Information should be held on the organisation’s network servers (such as the G:
drive), not stored on local hard drives (such as your C: drive) or other local media (such as CDs and USB memory sticks). Departments should be aware of the high risk of storing information locally and take appropriate security measures. In addition, folders set up on the network servers should have controlled access to only those staff that need it, if they contain personal identifiable information e.g.
access to the directory should be restricted to those members of the team that need access to it – not simply allow blanket access for all the team.
Non-CCG equipment (such as employees’ own personal computers, laptops and mobile devices, such as iPads), should never be used to store personal
identifiable information as this compromises the CCGs position as data controller.
Further guidance on appropriate use of email, internet etc. can be found in policies on the CCGs intranet.
7. SHARING INFORMATION WITH NON-NHS ORGANISATIONS
Employees of the CCGs authorised to disclose information to other organisations outside the NHS must seek an assurance that these organisations have a designated safe haven point for receiving personal information.
The CCGs must be assured that these organisations are able to comply with the safe haven ethos and meet certain legislative and related guidance requirements including:
Data Protection Act 1998
Common Law Duty of Confidence
NHS Code of Practice: Confidentiality
Staff sharing personal information with other non-NHS agencies should be aware of protocol agreements made with various local organisations.
If you need to share information with other organisations and are unsure whether a protocol is needed, then advice should be sought from the CSCSU Information Governance team.
8. PROCEDURE FOR SHARING INFORMATION BY POST
1. Confirm the name, department and address of recipient 2. Seal the information in a robust envelope
3. Mark the envelope “Private and Confidential to be opened by Addressee Only”
4. When appropriate, send the information by recorded delivery.
5. When necessary, ask the recipient to confirm receipt.
This procedure relates to Data Protection Principles 6 and 7 (Appendix C) and Caldicott Principle 4 (Appendix G).
9. PROCEDURE FOR SHARING INFORMATION BY FAX
1. Telephone the recipient of the fax (or their representative) to let them know you are going to send confidential information
2. Ask them to acknowledge receipt of the fax 3. Double check the fax number
4. Use pre-programmed numbers wherever possible
5. Make sure your fax cover sheet states who the information is for and mark it
“Private and Confidential”
6. If appropriate, request a report sheet to confirm that transmission was successful.
This procedure relates to Data Protection Principles 7 (Appendix C) and Caldicott Principle 4 (Appendix G).
10. PROCEDURE FOR SHARING INFORMATION BY TELEPHONE
1. Confirm the name, job title, department and organisation of the person requesting the information
2. Confirm the reason for the information request if appropriate
3. Take a contact telephone number (e.g. main switchboard number) but never a direct line or mobile phone number
4. Check whether the information can be provided. If in doubt tell the enquirer you will call them back
5. Provide the information only to the person who has requested it – do not leave messages unless certain it is appropriate to do so.
6. Ensure that you record your name, date and the time of disclosure, the reason for it and who authorised it. Also record the recipient’s name, job title,
organisation and telephone number to provide an audit trail.
This procedure relates to Data Protection Principle 7 (Appendix C) and Caldicott Principle 4 (Appendix G).
11. TRANSPORTING PERSONAL INFORMATION
1. Personal identifiable information should only be taken off site when absolutely necessary, or in accordance with local policy
2. Record what information you are taking off site and why, and if applicable, where and to whom you are taking it.
3. Information must be transported in a sealed container
4. Never leave personal identifiable information unattended – such as in a car.
5. Ensure the information is returned back on site as soon as possible 6. Record that the information has been returned.
This guidance relates to Data Protection Principle 7 (Appendix C) and Caldicott Principles 4 and 6 (Appendix G).
12. PROCEDURE FOR SHARING INFORMATION BY EMAIL
Email is not a secure method of transferring information – it is the equivalent of sending information on a post card, rather than a sealed envelope.
Personal information and other sensitive information (this could include information that is not personal, such as Trust financial information) should not be sent by email unless it has been encrypted to the standards approved by the NHS.
When sending personal identifiable data to a colleague by email, the data must be properly protected if the data is detailed enough that individuals can be identified from it.
Personal identifiable information must only be sent between NHSmail accounts.
Therefore information should only be sent from one NHSmail account to another NHSmail. This is because NHSmail encrypts both the email and its attachments and therefore requires no additional protection.
Therefore personal information should be sent from NHS.NET accounts to NSH.NET accounts.
NHSmail accounts to any other email address, will not be encrypted and are therefore not protected sufficiently and should not be relied upon to protect personal identifiable data.
Other partner organisations, such as social care, can apply for an NHSmail account to facilitate the exchange of information. Some partner organisations also have similar secure email addresses that interface with NHSmail – including those listed below:
GSi (*.gsi.gov.uk)
GSE (*.gse.gov.uk)
GSX (*.gsx.gov.uk)
GCSX (*.gcsx.gov.uk)
Password protection on Word, Excel, etc documents is very simple and not sufficient to protect the data included in the document. Therefore, personal identifiable information should not be sent when this is the only level of protection available.
It should be noted that although NHSmail protects the mail during transit, the user must ensure its security once it has arrived – care should especially be taken when opening NHSmail on a computer at home – as the information may well be cached (a hidden
“store” on the computer) onto the computer’s hard-drive and could still be accessed once the email is deleted.
13. PORTABLE MEDIA
It is strictly prohibited to copy any personal identifiable data onto portable media that is not encrypted to an agreed standard.
Personal identifiable data can be information relating to staff or patients and can be as little as a postcode or other demographic data.
Portable media includes USB memory sticks, CDs, DVDs, MP3 players, PDAs, etc.
This list is not exhaustive.
Guidance and policy in this area will be under continuous review during the lifespan of this policy; therefore latest guidance should be sought from the CSCSU Information Governance Team
If you are in any doubt, then do not copy onto the portable media without seeking explicit guidance from the CCGs SIRO (Chief Financial Officer) or Caldicott Guardian (Director of Nursing).