• No results found

Personal Data Handling and Sharing Policy

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Personal Data Handling and Sharing Policy"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Personal Data Handling and

Sharing Policy

Originator Richard Gibson Date 20 June 2012

Verifier Lynda Oliver Date 20 June 2012

(2)

Contents Page

1. Introduction

2. Purpose of the Policy 3. Responsibilities 4. Data Gathering 5. Use of Data 6. Patient Rights 7. Sharing of Data 8. Scope 9. Procedures 10. Approval

(3)

Personal Data Handling and Sharing Policy

1. Introduction

The Outside Clinic has an obligation to define the requirements for how we process data and how it is handled within the organisation structure.

2. Purpose of the Policy

The purpose of this Policy is to define why data is collected, how it is used and how data is kept confidential. It also sets out the parameters for all employees of The Outside Clinic who are involved in how to share patient identifiable/sensitive information outside the

organisation.

3. Responsibilities

The Data Controller is responsible for keeping patient information confidential. The Data Controller is the Head Of Operations.

4. Data Gathering

The Outside Clinic keeps records about patient’s health and any treatment and care that is provided. These records help to ensure that we deliver the best possible care. The records may be written down (manual records) or held on computer. These records may include:

Basic details about the patient such as address, date of birth.

Contact we have had with the patient such as eye and hearing examinations. Notes and reports of the patient’s health.

Details and records about the patient’s treatment and care.

Some of this information will be held centrally to be used for statistical purposes. In these instances we take strict measures to ensure that individual patients cannot be identified. The information will only be used with their consent, unless the law requires us to pass on this information.

5. Use of Data

Patient records are stored so that they can be used to guide and administer the care that is provided to them.

Our medical professionals involved in their care has accurate and up-to-date information to assess their health and decide on the most appropriate care for them.

Patient concerns will be fully investigated if a complaint is raised.

The Outside Clinic will ensure that the appropriate information is available if the patient attends another medical professional or they are referred to a specialist, their GP or another part of the NHS or similar organisation.

6. Patient Rights

Patients have a right of access to the information that we hold about them. The information can be provided by the patient making a request in writing to the Data Controller. We are required to respond within 40 days. The patient will need to give The Outside Clinic adequate information to ensure that the patient’s identity can be verified.

(4)

7. Sharing of Data

It is the Policy of The Outside Clinic to share patient information appropriately in order to ensure seamless and appropriate care for patients. Every member of staff has a contractual obligation to pass on or share patient identifiable information safely and securely.

The Outside Clinic acknowledges that patients have a right to be aware when their data is being shared. If the sharing does not contribute to, or support the delivery of their care, then it may be that their written consent will be required.

The sharing will be carried out in a safe environment and within the constraints of the Data Protection Act 1998, the Data Protection Principles and the Caldicott Principles.

8. Scope

This Policy applies to all patient identifiable or The Outside Clinic sensitive information, be it manual or electronic, that is being shared or is planned to be shared with another

organisation or individual.

9. Procedures Postal Security

Envelopes should be securely sealed, clearly addressed to a known contact and marked “confidential” and “addressee only”. A return to sender address should also be marked on the envelope

Telephone Security

Telephone validation or “callback” procedures should be followed before disclosing

information to someone you do not know to confirm their identity and authorisation.

Fax Machine Security

All fax machines, which could receive patient information when unsupervised, must be in an area that could be locked so that unauthorised staff or the general public cannot gain access to them.

Confidential information should only be sent by fax where absolutely necessary. If you do send information that identifies a patient, always send a cover sheet with the fax, which contains a statement “ This fax is confidential and is intended for the person whom it is addressed…”.

When faxing patient information, steps must be taken to minimise the risk of miss dialling. Pre-programmed dialling is recommended and you should never dial from memory.

Never send a fax to an unsupervised machine, unless it is designated “ safe haven” or “secure”. Make sure that an appropriate person is available to receive that fax. It is good practice to make sure after sending the fax that the right person has received it.

Confidential information sent via fax should be accompanied by a phone call to the recipient. Coded numbers should be used instead of names/address wherever possible. The data should be anonymised where possible and kept to a minimum.

Email Security

Emailing patient confidential information is only permitted if it is encrypted or where system-to-system networks are known to be secure or by use of an NHS net email address.

(5)

Using Anonymised or Pseudonymised Information

Anonymising data means to remove factors that would enable an individual to be identified and is the method to be used for the sharing of bulk data.

Pseudonymisation is the process of applying a pseudonym to replace person identifiable information and can be used with certain IT programs when transferring information concerning individuals.

Encryption

All portable media etc (laptops, data sticks) that are to be used for the downloading of patient identifiable/sensitive information must be:

o Supplied by The Outside Clinic. o Encrypted.

Any enquiries about encryption should be addressed to the Hardware and Network Manager.

Data Sharing

Examples of data sharing are:

Patient data returns to the NHS England and Health Authorities. Communications with GP Practices.

Copies of records being supplied to other hospitals taking over the care of the patient because, for example, the patient has moved.

Outsourcing initiatives. Clinical audit or research.

Patient information being shared with other health care agencies.

Staff and Training

Reference to Data Sharing is part of Information Governance training that takes place at induction and at mandatory updates.

10. Approval

This policy has been approved by the undersigned and will be reviewed on an annual basis.

Originator: Richard Gibson Date: 20 June 2012

Verifier: Lynda Oliver Date: 20 June 2012

References

Download now ( PDF - 5 Page - 120.02 KB )

Related documents

The Foundations of Big Data Behavioral Analytics

Substantive expertise means that domain knowledge of information security is critical for a proper understanding and interpretation of the data.. Again, the Information Security

Commission on Teacher Credentialing

To be granted initial accreditation by the Committee on Accreditation as a program of professional preparation, the program proposal must (a) demonstrate that

Statistics Pocket Guide

The Department of Life Sciences was formed on 1 August 2007 by the linking of the Divisions of Biology, Cell and Molecular Biology, and Molecular Biosciences. The statistics for

Learning Interpretable Features of Graphs and Time Series Data

matrices of the multivariate time series data of solar events as adjacency matrices of labeled graphs, and applying thresholds on edge weights can model the solar flare

Fake Perfect in X-marked Conditionals

The tense morphology is interpreted as temporal anteriority: the eventuality described in the antecedent is localised in the past with respect to the utterance time.. Compare this

Year: 2016 Volume: 4 Number: 1 (Special Issue on STEM Education)

We support the idea of integrated STEM education in a Turkish context in ways that students spend efforts to solve a real-world problem, which requires content knowledge and skills

Expert Clinician to Novice Nurse Educator. Learning from First-Hand Narratives

clinical faculty, the authors designed and implemented a Clinical Nurse Educator Academy to prepare experienced clinicians for new roles as part-time or full-time clinical

Fatigue Loads Estimation Through a Simple Stochastic Model

Sketch of the proposed idea for estimating fatigue loads: one derives a stochastic model from the data series of the wind speed and torque measured at Turbine 1; using this model