Wirral Code of Conduct for Handling Personal Identifiable Information Relating to both patients and staff


Applicable to the organisations listed below:
The Clatterbridge Cancer Centre NHS Foundation Trust
Wirral Community NHS Trust
Wirral University Teaching Hospital NHS Foundation Trust

Code of Conduct for Handling Personal Identifiable Information, July 2014

This Code of Conduct has been agreed by the Wirral Caldicott Guardians and represents the standard we should meet for safeguarding the personal information of both patients and staff. The signatories below continue to approve and support its contents and restate that this is the required expectation for handling personal information.

Andrew Cannell, Chief Executive
Simon Gilby, Chief Executive
David Allison, Chief Executive

Contents (page numbers refer to the original document)

Foreword  4
What is confidential information?  5
Disclosing and using personal information, including pseudonymisation  5
Patient consent to disclosing information  6
Obligations on individuals working in the NHS  6
Caldicott  7
What is personal identifiable information?  8
Who is an unauthorised person?  8
Organisational contacts  9
Sharing information across organisational boundaries  9
Routine transfer of personal information  10
Physical and electronic security  11
Safeguarding manual personal information  12
Safeguarding information on computers (including portable computers)  12
Removable media  14
   Memory sticks
   Personal Digital Assistant / Pocket PC
   Smartphones
   Trust supplied tablet computers
Use of the e-mail system  15
Texting  16
Indiscreet conversations (including social networking sites)  17
Faxing personal information  18
Record keeping best practice  17
Security incident reporting  19
Legal implications  19
Agreement to sign  21

Appendices
1. Caldicott Principles
2. Data Protection Principles
3. Table
4. Subject Access Requests
5. Useful Resources

Foreword

The Wirral Code of Conduct aims to clarify the principles that govern all use of personal identifiable information and to ensure that certain practices are adhered to. None of these practices is onerous and they should already be in everyday use. We continue to restate them as an expectation of how systems should be maintained by NHS staff in Wirral. It should be noted that this is a generic Code of Conduct for all NHS staff in Wirral and covers personal information concerning staff as well as patients.

PLEASE NOTE: As this Code is generic, it does not mention specific organisational procedures, and there may be procedures and policies within your organisation for dealing with some elements mentioned here, e.g. fax procedures, telephone procedures, etc.

The Health Service holds large amounts of confidential information about you, members of your family, friends and colleagues; but the vast majority of this information will be about strangers, most of whom you are unlikely to meet. The information belongs to them and we are merely the custodians. Their information should be treated with as much respect and integrity as you would like others to treat your own information. It is your responsibility to protect that information from inappropriate disclosure and to take every measure to ensure that personal identifiable information is not made available to unauthorised persons.

Equality & Diversity Statement

If you wish to obtain a copy of this Code in a different format, for example large print or Braille, please ask the WHIS Information Governance Facilitator (see Appendix 4, Useful Resources & Contacts).

Patients and staff should feel valued and be treated with respect and dignity, particularly with regard to age, disability, gender, race, religion/beliefs and sexual orientation. For further advice and guidance see the Equality and Diversity policy for your organisation.

Remember, you are bound by the same rules of confidentiality whilst away from your workplace as you are when you are at your desk.

What is confidential information?
All NHS staff have a common law duty of confidence

1. Patients entrust us with, or allow us to gather, sensitive information relating to their health and other matters as part of seeking treatment. They do so in confidence, and they have the legitimate expectation that staff will respect their privacy and act appropriately. In some circumstances patients may lack the competence to extend this trust or may be unconscious, but this does not diminish the duty of confidence. It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the NHS provides, and is seen to provide, a confidential service. A duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. Everyone who works for the NHS has a duty of confidence to patients and to his or her employer.

2. Information that can identify individual patients must not be used or disclosed for purposes other than healthcare without:
   - the explicit consent of the patient;
   - some other legal basis; or
   - a robust public interest or legal justification to do so.

3. In contrast, anonymised information is not confidential and may be used with relatively few constraints.

4. Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify a patient without his or her consent. However, there are a number of important exceptions to this rule, and further guidance can be found in Confidentiality: NHS Code of Practice (see Appendix 4, Useful Resources & Contacts).

Disclosing and using patient identifiable information
Information may be used for reasons other than direct care

5. Many current uses of confidential patient information do not contribute to or support the healthcare that a patient directly receives. Very often, these other uses are extremely important and provide benefits to society, e.g. medical research, protecting the health of the public, health service management and financial audit. However, they are not directly associated with the healthcare that patients receive, and we cannot assume that patients who seek healthcare are content for their information to be used in these ways.

6. Personal identifiable data used for reporting, audit or analysis purposes which has no direct relationship with the patient pathway must be pseudonymised. This is a process that changes the data so that it becomes incomprehensible to anyone viewing it. The organisation pseudonymising the data will have a process to reverse the pseudonymisation back to its original version if required.
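The reversible pseudonymisation described in item 6, as an added example that is not part of the Code or of any Wirral organisation's tooling: each identifying field is replaced by a keyed HMAC token, the non-identifying fields pass through for audit or analysis, and the token-to-value table that reverses the process is kept by the pseudonymising organisation, separately from the extract. The field names, record layout, sample rows and key are all constructed for this illustration and are not taken from the page.

```python
import hmac
import hashlib
from typing import Dict, List

# Fields the Code lists as capable of identifying a patient (item 23).
# The field names and record layout are assumptions made for this example.
IDENTIFYING_FIELDS = ("nhs_number", "surname", "forename", "date_of_birth", "postcode")

# Constructed sample extract: fictitious values, not real patients or valid NHS numbers.
SAMPLE_EXTRACT: List[Dict[str, str]] = [
    {"nhs_number": "TEST-0000-0001", "surname": "Smith", "forename": "Jane",
     "date_of_birth": "1970-01-01", "postcode": "ZZ1 1AA", "diagnosis_code": "C50"},
    {"nhs_number": "TEST-0000-0001", "surname": "Smith", "forename": "Jane",
     "date_of_birth": "1970-01-01", "postcode": "ZZ1 1AA", "diagnosis_code": "Z51"},
    {"nhs_number": "TEST-0000-0002", "surname": "Jones", "forename": "Tom",
     "date_of_birth": "1985-06-15", "postcode": "ZZ2 2BB", "diagnosis_code": "C50"},
]


def make_token(field: str, value: str, key: bytes) -> str:
    """Derive a deterministic pseudonym for one identifier value.

    A keyed HMAC rather than a plain hash: without the key, a recipient of the
    extract cannot rebuild the mapping by hashing a dictionary of surnames or a
    run of sequential NHS numbers. Including the field name in the message
    keeps a surname and a forename with the same spelling from sharing a token.
    """
    message = f"{field}\x1f{value}".encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).hexdigest()
    return f"{field.upper()}_{digest[:16]}"


def pseudonymise(records: List[Dict[str, str]], key: bytes,
                 lookup: Dict[str, str]) -> List[Dict[str, str]]:
    """Return a copy of `records` with identifying fields replaced by tokens.

    `lookup` (token -> original value) is filled in as a side effect. It is the
    reversal table the Code says the pseudonymising organisation retains, and it
    must be stored apart from the extract it unlocks, together with the key.
    Non-identifying fields (here the diagnosis code) pass through unchanged so
    the extract stays usable for reporting, audit and analysis.
    """
    pseudonymised = []
    for record in records:
        new_record = dict(record)          # never mutate the source extract
        for field in IDENTIFYING_FIELDS:
            if new_record.get(field) is not None:
                token = make_token(field, str(new_record[field]), key)
                lookup[token] = new_record[field]
                new_record[field] = token
        pseudonymised.append(new_record)
    return pseudonymised


def reidentify(token: str, lookup: Dict[str, str]) -> str:
    """Reverse one pseudonym. Only the holder of the lookup table can do this;
    a KeyError means the token was not issued from this table."""
    return lookup[token]


def demo():
    # In practice the key lives in a key store held by the pseudonymising
    # organisation; this literal is a constructed placeholder for the example.
    key = b"constructed-example-key-not-for-real-use"
    lookup: Dict[str, str] = {}
    extract = pseudonymise(SAMPLE_EXTRACT, key, lookup)
    return extract, lookup


if __name__ == "__main__":
    extract, lookup = demo()
    for row in extract:
        print(row)
    # The same patient receives the same tokens in every row, so the two Smith
    # rows can still be linked for analysis, while reversal needs the table.
    print(reidentify(extract[2]["surname"], lookup))
```

Because the tokens are deterministic for a given key, records about the same patient remain linkable across the extract without revealing who the patient is; anyone holding the extract alone sees only tokens, and a different key produces an unrelated set of tokens.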

7. It is also extremely important that patients are made aware of information disclosures that must take place in order to provide them with high quality care. In particular, clinical governance and clinical audits, which are wholly proper components of healthcare provision, might not be obvious to patients and should be drawn to their attention. Similarly, whilst patients may understand that information needs to be shared between members of care teams and between different organisations involved in healthcare provision, this may not be the case, and the efforts made to inform them should reflect the breadth of the required disclosure. This is particularly important when the disclosure extends to non-NHS bodies.

8. Patient information may be released in cases where there is a danger to patients or others. If you receive a request from another agency or the police, etc., you should seek advice from your manager, Caldicott Guardian, or Information Governance Lead if you work in general practice.

9. Ensure that you are familiar with the patient information leaflet "Protecting Privacy" (Public Information Leaflet) and accompanying posters. All staff who work with patients should proactively ensure that patients receive a copy of the leaflet at their first point of contact. It should not be left to chance that the leaflet has been seen in reception areas and noted.

Patient consent to disclosing information
Inform patients effectively: no surprises

10. Patients generally have the right to object to the use and disclosure of confidential information that identifies them, and they need to be made aware of this right. Sometimes, if patients choose to prohibit information being disclosed to other health professionals involved in providing care, it might mean that the care that can be provided is limited or that it is not possible to offer certain treatment options. Their wishes must be confirmed and recorded in their health record.

11. There are situations where consent cannot be obtained for the use or disclosure of confidential information, yet the public good of this use outweighs issues of privacy. The Ethics and Confidentiality Committee (ECC) has been established to undertake the responsibilities of the National Information Governance Board for Health and Social Care (NIGB) under section 251 of the NHS Act 2006 and to consider and advise on ethical issues relating to the processing of health or social care information as referred to it by the NIGB.

12. Section 251 of the NHS Act 2006 (originally enacted under Section 60 of the Health and Social Care Act 2001) allows the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable.

13. Applications for approval to use Section 251 support were previously considered by the Patient Information Advisory Group (PIAG) but will now be considered by the ECC.

Obligations on individuals working in the NHS
Meet the standards and build on good practice

14. All staff should meet the standards outlined in this document, as well as their terms of employment (or other engagement agreements). Much of what is required builds on existing

best practice. Everyone should make every effort to meet these standards and improve practice.

15. It is clear that staff are constrained from meeting these standards where appropriate organisational systems and processes are not yet in place. In these circumstances, the test must be whether they are working within the spirit of this Code of Conduct and are making every reasonable effort to comply.

16. The need for change may apply to many existing systems and processes. It is important that staff know who should be informed of any specific problems or barriers to change that are noted.

17. Data quality is becoming increasingly important as the NHS moves forward and information sharing becomes more accessible. Inputting data correctly first time, whether in a clinical or non-clinical setting, is part of your job. In a clinical setting, verification that patient details are correct and complete contributes directly to the care of the patient; the effect of incorrect or missing information would be detrimental. In a non-clinical setting, the information you work with is a vital part of the day to day running of your organisation. In both instances, the organisation has to be confident that the information is correct, as it either becomes part of a patient record or part of the history of the organisation.

18. It is useful to bear in mind that data of any kind, whether in a manual or electronic format, should be:
   - Fit for purpose
   - Accurate
   - Complete
   - Timely

Caldicott
Now incorporated into the Information Governance Framework

19. The Caldicott Committee: Report on the Review of Patient-identifiable Information was published in December 1997, and the conclusions in the report formed the basis for changes in the way we protect personal information. The guidelines resulting from the Caldicott report have now been built into the Information Governance framework.

20. The Report made sixteen recommendations, and one of the key recommendations was the appointment of a Caldicott Guardian for each organisation. All Wirral statutory health organisations have a Caldicott Guardian who is responsible for agreeing and reviewing protocols that govern the disclosure of personal identifiable information across organisational boundaries. General practices have an Information Governance Lead who will be a point of contact within the practice for any issues associated with patient confidentiality. Ensure you know who your Caldicott Guardian or IG Lead is.

21. The Committee also developed a set of six general principles (see Appendix 1) for the safe handling of personal identifiable information, and these Principles are the guidelines to which the NHS works to help comply with the Data Protection Act. They work hand-in-hand with the Principles of the Data Protection Act 1998 (see Appendix 2), which came into force on

1st March 2000, and they both cover information held in whatever format, whether electronic, paper, verbal or visual. The six Caldicott Principles must be adhered to when collecting, storing, holding, disclosing and even destroying personal identifiable information.

What is patient identifiable information?
It's not just a case of name, address or date of birth

22. The Caldicott Committee concluded that all items of information which relate to an attribute of an individual should be treated as potentially capable of identifying patients and hence should be appropriately protected to safeguard confidentiality.

23. These items include:
   - Surname
   - Forename
   - Initials
   - Address
   - Postcode
   - Sex
   - NI number
   - NHS Number
   - Ethnic group
   - Date of birth
   - Occupation
   - Other dates, e.g. death, diagnosis
   - Local identifier, e.g. hospital or GP Practice number

Who is an unauthorised person?
Anyone who doesn't need to know

24. An unauthorised person is anyone who does not need to know the information. Your job role, or level of access to a computer system, provides you with a level of authority to access information. Do not assume that all of your work colleagues are authorised to see the same information that you are. It is important to remember this even if they are in a more senior role than yourself: if they do not need to know the information, they do not need to have it. If you are in doubt as to whether you should share the information with one of your colleagues, seek the advice of your manager, Caldicott Guardian or Information Governance Lead.

25. In certain instances, an NHS body or member of staff may have a statutory responsibility to pass on patient information.

26. The NHS has a statutory obligation to notify the government of certain infectious diseases for public health purposes, e.g. measles, mumps, meningitis, tuberculosis, but not HIV/AIDS. Births and deaths must also be notified.

27. A court of law can insist that medical information be disclosed to it. The process for this will be undertaken by a senior manager, and you should always obtain advice from your manager under these circumstances.

28. Solicitors sometimes request medical reports, but these requests must be accompanied by the signed consent of the patient. Any third party information in the record will be withheld unless the third party has also given written consent. Requests of this sort are very specific and can only be carried out by designated staff who have been trained appropriately. Make sure that you know who the contact is in your organisation for access to information requests. When in doubt, always seek advice from your manager as before.

29. Limited information needs to be shared with Primary Care Trusts to assist with the organisation of national public health programmes, e.g. breast screening, cervical smear tests and childhood immunisations.

30. You must only access patient information if it is part of your official duties. It is not acceptable for staff to access either their own records or the records of relatives, friends or neighbours. This Code of Conduct prohibits this inappropriate use of any system used to record personal information, and misuse of any system used for recording information in confidence will result in disciplinary action. Staff and patients have a right to ask about information that is held about them in their health and employment records. However, this should only be done according to the guidance of the Data Protection Act 1998 (see Appendix 3). The contact for each organisation is listed below.

Organisation                                                Contact Person                             Contact Number
The Clatterbridge Cancer Centre NHS Foundation Trust        Head of IM&T and Information Governance    or Ext
Wirral Community NHS Trust                                  Head of Nursing, Quality & Governance      or Ext
Wirral University Teaching Hospital NHS Foundation Trust    Information Governance Manager             or Ext

Sharing information across organisational boundaries
Is there an information sharing agreement in place?

31. Follow any established information sharing protocols or agreements. These documents are known by many different names, for example Information Sharing Protocols, Data Sharing Agreements or Information Sharing Arrangements. Wirral health organisations have agreed a three tier system known collectively as the Information Sharing Toolkit.
   - Tier 1 - Overarching Information Sharing Framework, which is an agreement, in principle, to share information with partner organisations. Tier 1 documents are approved and signed by the organisational chief accountable officer. The signatories to this document will increase in number as more information sharing partners are identified. The Tier 1 document is underpinned by:
   - Tier 2 - Information Community Arrangement (ICA): a managerial set of ICAs, which define an information community, agree purposes, define lawful authority and set purpose focused policies. Tier 2 documents are approved and signed by the Caldicott Guardians.
   - Tier 3 - Operational Arrangement (OA): a set of specific OAs which define specific purposes and processes by which information can and will be shared. Tier 3 documents are approved and signed by the Caldicott Guardians.

32. In addition, the Tiers are supported by extensive appendices, which set out appropriate legislation, regulations, guidance and standards. Staff should work within these protocols where they exist and within the spirit of the Code of Conduct where they are absent. For advice and guidance on information sharing and producing information sharing agreements you can contact the WHIS Information Governance Facilitator (see Appendix 4, Useful Resources & Contacts).

Routine transfer of information
Do you have the authority to do this, and does the recipient have the authority to receive?

33. Staff should check that any callers, by telephone or in person, are who they say they are. There can be a significant risk of harm to a patient through impersonation by those seeking information improperly. Seek official identification, or check identity by calling them back using the home phone number or the main switchboard number; never verify a caller via a mobile phone number. Check also that they have a legitimate right to have access to that information.

34. The transfer of personal identifiable information need not be a complicated process and could be as simple as:
   - taking a document and giving it to a colleague;
   - making a telephone call;
   - sending a fax;
   - passing on information held on computer.

35. In all cases, however simple or complicated, the Caldicott Principles must be adhered to, in order to ensure that personal identifiable information is not disclosed inappropriately. Always remember that once confidential information has been passed to you, it is your responsibility to keep it secure.

36. Care must be taken, particularly with confidential clinical information, to ensure that the means of transferring it from one location to another are as secure as they can be. Refer to the Caldicott Principles and Data Protection Principles (Appendices 1 & 2): share the minimum necessary to provide safe care or satisfy other purposes.

37. When sending personal identifiable information, ensure CONFIDENTIAL is marked in a prominent place on the front of the envelope. Make sure that the address of the recipient is correct and clearly stated, using the following format:
   - name;
   - designation (job title);
   - department;
   - organisational address.

38. If personal identifiable information is to be sent in carrier (internal) envelopes, the envelope must be sealed and marked CONFIDENTIAL. Internal mail should still be properly named and addressed, for example not just to "Mary from Maternity".

Transfer between hospital sites

39. If your organisation has a secure system for transferring patient records between hospital sites, you should always ensure this system is used, referring to any guidance that your organisation issues.

40. Only authorised personnel may assist in the transfer of patient records where an office, department or practice is moving premises from one site to another. This must be done under the guidance of an authorised employee or employees of the relevant organisation.

Transfer between departments on site

41. If your organisation has an internal system for transferring confidential information (e.g. routine portering transfer), this system should be used to transport records between departments. Alternatively, appropriate special arrangements may need to be made for information required urgently (e.g. non-routine portering transfer). In either situation, the information must be correctly packaged and labelled as detailed earlier. Depending upon circumstances, it may be more appropriate and expedient to transport the information personally. If this is the preferred option, you must keep the information with you at all times and not leave it unattended during transit.

42. It is not appropriate for unpackaged information to be given to a colleague for delivery. If you have any specific questions regarding transferring patient records, seek further guidance from the Medical Records Department for your organisation.

43. There may be occasions when special arrangements have to be made for transferring personal information, and you should ask advice from your organisation as this may include encryption and/or special delivery or courier.

Physical and electronic security (general)
Access to rooms and work areas

44. Room access: personal information should not be left unattended. However, where this can be justified, consideration should be given to restricting room access. Staff should wear building passes/ID if issued and query the status of strangers. Know who to tell if anything suspicious or worrying is noted. Do not tell unauthorised personnel how the security systems operate.

45. If the room can be locked without compromising patient care (e.g. where the patient information is unlikely to be needed by non key-holders), then it should be locked. Don't forget to shut and/or lock doors and cabinets as required, and report any faulty locks on doors and windows.

46. Work areas: personal information should always be held securely. In any area which is not in itself secure, and which can be accessed by a wide range of people (including possibly the public), such information should be put/locked away immediately after it has been finished with. Where it is impractical for this to be achieved, access to the work area must be restricted. Examples of this latter situation are:
   - a laboratory working simultaneously on samples from a number of patients, but where only laboratory technical staff may enter;
   - a reporting/medical office, where at any time reports are dictated on a number of patients seen within a clinic, but where the office is accessed by medical staff only.

Patients should be discouraged from entering these areas.

Safeguarding manual information
Don't walk away from your desk and leave your work uncovered

47. Never leave personal identifiable information around for others to find. Try to adopt a clear desk philosophy wherever possible: only work with the information required at that time and put all other related documents away.

48. Avoid taking confidential information away from your work premises wherever possible. Where this is necessary in order to carry out your duties (e.g. a home visit to a patient), you must keep the information secure and make every effort to ensure that it does not get misplaced, lost or stolen. Do not leave confidential notes or files in unattended cars or in easily accessible areas.

49. When disposing of paper-based information, ensure that it is shredded. Never put confidential information directly into a general waste paper bin or recycling bin. If your organisation has a designated confidential waste destruction programme, you must follow the requirements of that programme; check with your manager if you are unsure of the requirements.

50. Working diaries can hold a great deal of personal information and should be kept secure when not in use. Precautions should be taken when transporting your diary to ensure it is in your care at all times, and you should hand it back to your manager if you no longer need it for your job. The minimum retention period for office diaries is 1 year after the end of the calendar year to which they refer. The minimum retention time for health visitor and district nurse diaries is 2 years after the end of the year to which the diary relates. Patient relevant information should be transferred to the patient record. Further information on the retention periods of health records and non-health records can be found in Records Management: NHS Code of Practice, which is available on the Department of Health web site (see Appendix 4, Useful Resources).

51. Do not take personal notes or pocket books containing personal identifiable information away from your place of work. If the information is no longer required, it should be disposed of appropriately. If the information is required for an ongoing purpose, it should be locked securely away. All personal notes and pocket books containing personal identifiable information must be handed back to your manager if you no longer need them for your job.

52. If documents containing personal information come into your possession and you are not the intended recipient, you should either forward these to the named person or, if this is not known, seek advice from your manager, Information Governance Lead, or Caldicott Guardian. If you identify any document containing personal information, you should make every effort to decrease the possibility of it being seen by inappropriate persons by obscuring or turning it over; case notes or nursing notes left open should be closed. Wherever possible, these documents should be filed and locked away.

Safeguarding information on computers
Much more than keeping passwords secure

53. The security and confidentiality of information held on computer must be maintained at all times.

54. Always protect the system (e.g. log off or use a password-protected screensaver) when you have finished your work or stop using your computer, and always switch off at the end of the day. Failure to do this not only leads to a risk of unauthorised access to personal information, but you will be held responsible for any actions associated with your sign-on.

55. Do not walk away from your work area and leave your computer turned on, risking personal information being left on your screen and seen by unauthorised persons. If you need to leave your desk, you should protect the system (e.g. log off or use a password-protected screensaver). Only save personal information to a secure network drive where it is backed up on a regular basis. Never store personal information on an unprotected drive, e.g. the C drive, as this is not backed up automatically and data could be lost.

56. Do not keep any personal identifiable information longer than necessary. Delete personal files you do not need to keep (except where the data held is original data); for further advice you should see your manager or Information Governance Lead.

57. Windows users should remember that when deleting files they are moved to the recycle bin. Therefore, the recycle bin should be emptied on a regular basis. If in doubt on how to do this, check with the WHIS Service Desk (see Useful Resources & Contacts, Appendix 4). Readers should be made aware that this method of deleting data is not secure, as it can be recovered using appropriate software.

58. When you log onto a system you are telling the computer it is you. If someone else uses your computer, the computer still thinks it is you, and you will be held responsible for any actions associated with your password. Passwords are the keys that provide access to information; you MUST NOT disclose your password to ANYONE under any circumstances, and never write your password down, as this could be seen by other users. Always change your password when prompted and never use family or pet names, as these can be guessed. Passwords should be a minimum of 6 characters and should be a mixture of letters and numbers, e.g. using 5 instead of S, 1 instead of I, etc. Some symbols can also be used, for example $ % & *, and you could add these to your password to make it more robust.

59. Managers should not compromise a member of staff by asking for their password for convenience or any other reason. If it is absolutely necessary to access information held by another staff member (for example, to access information when a patient or other person is in danger and the owner of the password cannot be found), contact the WHIS Service Desk.

60. Your computer should be shut down at the end of the working day unless it is needed to work unattended, e.g. for print-outs.

61. Destruction and/or disposal of computers, or parts thereof, must be carried out by Wirral Health Informatics Service (WHIS). This will ensure that all information is stripped from the computer and disposed of using the correct procedures. Staff should not remove or relocate computers without first checking with the WHIS Service Desk.

Portable Computers

62. Do not leave portable computers unattended in cars or other easily accessible areas. It is your responsibility to make sure that any portable equipment is kept secure and kept under lock and key when not being used. Always ensure that:
   - you have the authority to take equipment off-site;
   - you have permission to transfer personal identifiable information off-site, and that you store back-ups securely and complete them regularly;
   - whilst using portables, personal information is encrypted;
   - all equipment is locked away when not in use;
   - every effort is taken to prevent loss or theft of your computer.

Removable Media
Portable devices that plug into your computer

63. Removable media is the term used to describe any kind of portable data storage device that can be connected to your computer, for example CDs and DVDs, floppy disks, USB flash memory sticks or pens, zip drives, portable hard drives, palmtop computers, cameras, smartphones and Trust supplied tablet computers. The first of these to be addressed are memory sticks.

Memory Sticks

64. These devices are capable of storing great amounts of information, but because they are so small they can easily be misplaced or lost. Your organisation will provide you with an encrypted memory stick if this is a requirement of your job role. The memory stick will be password protected and therefore minimise the risk of lost memory sticks being accessed. A read only function is available on all non-encrypted memory sticks.

65. Always remember that a memory stick is not meant to be a permanent storage device but a means of transporting data from one place to another, where it should be uploaded and then deleted from the stick.

Personal Digital Assistants (PDA) / Pocket PC (PPC) Security

66. Placing password protection onto your PDA/PPC will ensure the integrity and confidentiality of its data remains secure. It is easy to set up the password and, once set, it can be unset if required.

67. Consideration must be given to any data residing on the devices, first and foremost any confidential data. This can take the form of memos, e-mails and contacts, as well as any documents attached to saved e-mails. If your device is not secured by password protection then any data is on open view. This may lead to the release of confidential data or even identity theft.

68. PPC: PPCs have an option to add a password to lock the device; on later models this option includes various levels of encryption, from Lite (the loosest level) to the extremely robust AES level.

69. PDA: Palm security is found on the Main Menu. This generally allows you to mark data such as calendar entries and memos as private and hides them. You can also attach a password to the files for extra security. Apart from the password above, you can also set an access password which locks the device.

Tip: Losing your device isn't as difficult as you think. Make sure the Owner Information details on your device are complete, or stick a return address label to the back. That way there is a chance that the device will be returned to its rightful owner.

Tip: Ensure you synchronise your PDA/PPC to your PC regularly. This will aid recovery of data if your device is stolen, lost or broken.

Smartphones

70. Smartphones have the capability to act as mass storage devices, able to store gigabytes of information. Transfer of PID should be carried out using the Trust-supplied encrypted memory sticks mentioned in paragraph 64, not the phone's own storage. When using a smartphone to access NHSmail, consult the Connecting for Health guidance to ensure your smartphone model complies with the encryption requirements for data at rest before saving emails which contain PID.

Tablet Computers

71. Tablet computers (such as iPads) can be provided by WHIS if sanctioned by your Trust. The security around these devices will be applied before you receive the equipment, but you are still responsible for the physical security of the item.

72. These devices can hold vast amounts of information and if you lose the equipment you will also lose the data it contains. If it is personal data the consequences could be damaging, both to the individuals and to the reputation of your organisation. Therefore, this Code of Conduct is against holding unencrypted data on any removable media, and your organisation will have a system for encrypting the data stored on these devices. For further information contact the WHIS Information Security Manager (see Useful Resources & Contacts, Appendix 4).

73. When the information is no longer required it should be reformatted, erased or destroyed in accordance with the Guidelines for Deleting Data on Electronic Media, available from the WHIS Security website (see Appendix 4).

Use of the email system
Ensure that the contents are appropriate, legal, not offensive and secure.

74. You are responsible for the contents of your emails. Ensure that the content is not sexually or racially offensive, or otherwise illegal. Do not put anything in an email that you could not justify at a later date, or say to someone face to face. Become familiar with your organisation's Internet & Email Usage Policy so you know what you are allowed to do.

Sending personal identifiable information in an email

75. NHSmail is considered to be a secure system when communicating with other NHS organisations that have an NHSmail connection. The guidance when sending personal information by email is very explicit. The best way to send personal information by email is when BOTH the sender and the recipient have an NHSmail account, where the address ends in nhs.net. Some partner organisations also have their own secure email accounts that are compatible with NHSmail, for example the police and the local authority, and emails can be sent securely to them from NHSmail (see the Table in Appendix 3).

76. This does not apply to addresses that end in nhs.uk. However, recent changes mean that it is permissible to send personal information from an nhs.net address to an nhs.uk address in Wirral only (see the Table in Appendix 3). Otherwise, the information must be encrypted using the preferred organisational encryption method. Further advice can be sought from the WHIS Information Security Manager or the WHIS Information Governance Facilitator (see Appendix 4, Useful Resources & Contacts). Remember to follow the Caldicott Principles at all times and only use the minimum personal information necessary.

77. Do not disclose your password to anyone under any circumstances. Remember to log out of the email system when you leave your computer, to avoid information being entered or deleted inappropriately.

78. It is also inappropriate to access the emails of anyone who has left their computer logged on and unprotected.

79. Wirral statutory health organisations have an email usage policy, which provides full detailed guidance. You should become familiar with this policy and any changes that are made to it.

80. The information contained in emails may be subject to public disclosure under the Freedom of Information Act 2000. Unless the information is legally exempt from disclosure, the confidentiality of emails and any replies cannot be guaranteed.

Texting to patients
Does the phone still belong to the original owner? Numbers change.

81. Whilst there may be benefits to both patients and the organisation from texting appointment reminders to patients, this is not a secure method of communication. It is good practice to ask patients at the first point of contact whether they agree to receive texts (for appointment reminders, for example) and to give them the opportunity to decline. Only the minimum information should be used, and it should not include names, treatments, clinic or anything else that may alert anyone other than the owner of the phone to the nature of the text, or anything that may identify the recipient. Texts should include a prompt for the recipient to erase the message when it is no longer required. NHSmail should be used wherever possible to send texts. Text messages between colleagues that include personal information about patients are discouraged. However, a text system could be tailored to a specific need following advice and guidance from the WHIS Information Security Manager.
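A recipient check that applies the email guidance above (paragraph 75 onward) before a message containing PID is sent, as an added example that is not part of the Code. The partner and Wirral nhs.uk domain sets are constructed placeholders standing in for the Appendix 3 table, which is not reproduced on this page; replace them with the domains that table lists. Every address on the To and Cc lines is classified, because a single recipient outside the secure set means the whole message must be encrypted or the PID removed, and a look-alike domain such as nhs.net.evil.example must not be mistaken for NHSmail.

```python
from email.utils import getaddresses

NHSMAIL_DOMAIN = "nhs.net"  # NHSmail addresses end in @nhs.net

# Constructed placeholders for the Appendix 3 table: partner organisations
# (police, local authority) with NHSmail-compatible secure accounts, and the
# Wirral nhs.uk domains that NHSmail may send PID to. Not real domains.
PARTNER_SECURE_DOMAINS = {"secure.partner.example"}
WIRRAL_NHSUK_DOMAINS = {"wirral-example.nhs.uk"}


def domain_of(address):
    """Return the lower-cased domain part of an address ('' if malformed)."""
    local, sep, domain = address.rpartition("@")
    return domain.lower() if sep and local else ""


def route_is_secure(sender, recipient):
    """True only when PID may travel in clear from sender to recipient.

    Exact domain comparison is deliberate: 'nhs.net.evil.example' is not
    NHSmail, and 'other.nhs.uk' is not one of the permitted Wirral domains.
    """
    if domain_of(sender) != NHSMAIL_DOMAIN:
        return False  # every secure route starts from an NHSmail account
    recipient_domain = domain_of(recipient)
    return (recipient_domain == NHSMAIL_DOMAIN
            or recipient_domain in PARTNER_SECURE_DOMAINS
            or recipient_domain in WIRRAL_NHSUK_DOMAINS)


def triage_recipients(sender, header_values):
    """Split every To/Cc address into (secure, needs_encryption) lists.

    header_values is a list of raw header strings, for example the constructed
    sample ['Dr A Smith <a.smith@nhs.net>, b.jones@gmail.com'].
    """
    addresses = [addr for _, addr in getaddresses(header_values) if addr]
    secure, needs_encryption = [], []
    for addr in addresses:
        (secure if route_is_secure(sender, addr) else needs_encryption).append(addr)
    return secure, needs_encryption


def may_send_in_clear(sender, header_values):
    """True when the message has recipients and all of them are on secure routes."""
    secure, needs_encryption = triage_recipients(sender, header_values)
    return bool(secure) and not needs_encryption


if __name__ == "__main__":
    # Constructed sample headers for a message drafted from an NHSmail account.
    headers = ["Dr A Smith <a.smith@nhs.net>, b.jones@gmail.com",
               "c.brown@wirral-example.nhs.uk"]
    ok, blocked = triage_recipients("d.evans@nhs.net", headers)
    print("secure:", ok)
    print("need encryption (or remove PID):", blocked)
```

Wire this in front of the send action, not after: the decision the Code asks for is made before the message leaves, and the insecure list is exactly what the sender needs to see to fix the recipients or switch to the organisational encryption method.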

Indiscreet conversations
Take care what you say and where you say it: no gossiping.

82. Always consider your surroundings when discussing personal information, especially when using mobile telephones. It is not appropriate to discuss personal information in public places where you might be overheard. This includes meetings and informal discussions with colleagues. In these situations, if you do not need to refer to the individual by name, then don't.

83. If your department uses answer-phones that record messages, ensure that they are situated in areas where they cannot be overheard by unauthorised people when the messages are played back.

84. During ward rounds (or visits to nursing homes) when patients' details are being discussed, staff should bear in mind that they may be overheard by other patients who are in the same room. Whilst it is appreciated that it is difficult to manage confidentiality in situations like these, staff are expected to be aware of the possible problems and do all they can to respect the patient's rights.

85. Real patient-identifiable data should not be used in training, testing systems or demonstrations without explicit consent from the Caldicott Guardian. Consent for this will only be given in exceptional circumstances.

Social Networking Sites

86. Guidance regarding the use of social networking sites varies between Wirral organisations, so consult your manager and organisational policies for local guidance.

Faxing information
Where is the recipient's fax located?

87. When sending faxes that contain personal identifiable information, use a designated Safe Haven fax wherever possible. A designated Safe Haven is a place to which a fax containing confidential information can be sent safely, in the knowledge that procedures are in place at the other end to ensure its security. NHS organisations have adopted the principle of Safe Havens, and every effort should be made to use them wherever possible.
If you are faxing to a non-Safe Haven fax, the procedures below should be followed:
- telephone first to inform the recipient that you are faxing confidential information
- ask if they could wait by their fax machine whilst you send it
- ask if they could telephone to acknowledge receipt
- always double check that you have keyed in the right number before pressing send
- regularly used numbers should be programmed into your fax machine, which decreases the possibility of keying in the wrong number

88. Your organisation may have guidelines for faxing confidential information, obtainable from the Information Governance Lead, or you can obtain a copy of Fax Facts from the Information Governance Facilitator for WHIS (see Appendix 4, Useful Resources & Contacts).

Record keeping best practice
Factual, consistent, accurate, relevant and useful

89. Good record keeping is of primary importance and is part of data quality assurance. The familiar saying "the quality of the data is only as good as the person who inputs it" is very relevant. Each Wirral NHS organisation has a detailed records policy that employees must follow, but as a general rule patient records should:

Be factual and accurate. Notes should be:
- written as soon as possible after an event has occurred, providing current information on the care and condition of the patient
- written clearly, legibly and in such a manner that they cannot be erased
- written in such a manner that any alterations or additions are dated, timed and signed in such a way that the original entry can still be read clearly
- accurately dated, timed and signed or otherwise identified, with the name of the author being printed alongside the first entry
- readable on any photocopies
- written, wherever applicable, with the involvement of the patient or carer
- clear, unambiguous (preferably concise) and written in terms that the patient can understand; abbreviations, if used, should follow common conventions
- consecutive
- (for electronic records) using standard coding techniques and protocols
- written so as to be compliant with the Race Relations Act and the Disability Discrimination Act

Be relevant and useful:
- identify problems that have arisen and the action taken to rectify them
- provide evidence of the care planned, the decisions made, the care delivered and the information shared
- provide evidence of actions agreed with the patient (including consent to treatment and/or consent to disclose information)

And include:
- medical observations: examinations, tests, diagnoses, prognoses, prescriptions and other treatments
- relevant disclosures by the patient pertinent to understanding the cause or effecting cure/treatment
- facts presented to the patient
- correspondence from the patient or other parties

Patient records should not include:
- unnecessary abbreviations or jargon
- meaningless phrases, irrelevant speculation or offensive subjective statements
- irrelevant personal opinions regarding the patient, relatives or carers

Security Incident Reporting
It's not just for slips, trips and falls.

90. It is important that you report any breach (or near breach) of information security appropriately. A security breach could include any of the following; the list is not exhaustive and may include other incidents not mentioned:
- theft or loss of computer equipment or removable media
- unattended or lost confidential documents
- loading non-Trust software onto computers
- sharing passwords
- leaving computers logged on and unattended
- transferring personal information using an insecure method
- patient details being sent to the wrong location

91. If you are aware of an incident, please complete your Trust Incident Report Form in the same way you would for slips, trips and falls. By reporting information security incidents you are helping to ensure the Trust provides an up-to-date secure environment for its information, one which will instil confidence in your organisation's ability to protect the privacy of personal information.

Legal implications
The laws of the land have to be upheld

- Common Law Duty of Confidentiality
- Data Protection Act 1998
- Access to Health Records Act 1990
- Crime and Disorder Act 1998
- Human Rights Act 1998
- Public Interest Disclosure Act 1998
- Health and Social Care Act 2001
- Freedom of Information Act 2000
- Computer Misuse Act 1990
- Children Act 1989
- Disability Discrimination Act 1995
- Race Relations (Amendment) Act 2000

The Data Protection Act 1998 is designed to control the use, storage and processing of personal data in any format, especially where there is a risk to personal privacy. Patients and staff should be aware that their information will be stored and processed either manually or electronically on a computer. Each NHS organisation has an Information Governance Lead and/or a Caldicott Guardian. If you are in doubt regarding the handling of patient-identifiable information, ask the advice of your manager or, if necessary, contact the Information Governance Lead or Caldicott Guardian for your organisation for clarification.

This policy has been adopted by all NHS organisations in Wirral and forms part of the Contract of Employment. Breaches of this Code of Conduct could be regarded as gross misconduct and may result in serious disciplinary action up to and including dismissal.

NHS organisations and general practices are registered under the Data Protection Act 1998, and careless or deliberate misuse of personal identifiable information may result in prosecution of that organisation and, in some cases, of the individual concerned.

Common Law Duty of Confidentiality

All NHS bodies and those carrying out functions on behalf of the NHS have a common law duty to support professional ethical standards of confidentiality. Everyone working for or with the NHS who records, handles, stores or otherwise comes across information that is capable of identifying an individual patient has a personal common law duty of confidence to patients and to his or her employer. This also includes students, voluntary staff and trainees on placements. It is recommended that such staff sign a confidentiality agreement.

ACCEPTANCE OF THE GUIDANCE OUTLINED IN THE CODE OF CONDUCT FOR HANDLING PERSONAL IDENTIFIABLE INFORMATION

I have read the Code of Conduct for Handling Personal Identifiable Information and understand the contents. I agree to abide by the rules outlined in the Code. I understand that if I am guilty of a breach of the Code of Conduct, this could be regarded as Gross Misconduct and may result in serious disciplinary action being taken against me, up to and including dismissal.

Please return the signed copy to your Manager.

Signature:
Name:
Department:
Tel No.:
Extension:
Date:

APPENDIX 1
THE 6 CALDICOTT PRINCIPLES FOR HANDLING PERSONAL IDENTIFIABLE INFORMATION

1. Justify the purpose. Every proposed use or transfer of personal identifiable information within or from an organisation should be clearly defined (and reviewed if continuing).

2. Do not use personal identifiable information unless it is absolutely necessary. Personal identifiable information items should not be used unless there is no alternative.

3. Use the minimum necessary personal identifiable information. Where use of personal identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identification.

4. Access to personal identifiable information should be restricted on a strict need-to-know basis. Only those individuals who need access to personal identifiable information should have access to it, and they should only have access to the information items they need to see.

5. Everyone should be aware of their responsibilities. Action should be taken to ensure that all staff are aware of their responsibilities and obligation to respect personal confidentiality.

6. Understand and comply with the law. Every use of personal identifiable information must be lawful.

There is a Caldicott Guardian for each of the following Wirral NHS organisations:
- The Clatterbridge Cancer Centre NHS Foundation Trust
- Wirral Community NHS Trust
- Wirral University Teaching Hospital NHS Foundation Trust


More information

Information Governance. and what it means for you

Information Governance. and what it means for you Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

Access to Health Records

Access to Health Records Access to Health Records Crown Heights Medical Centre Procedure Access to Health Records ACCESS TO MEDICAL RECORDS (DATA PROTECTION) POLICY INTRODUCTION The Access to Health Records Act 1990 gave individuals

More information

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING

ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING Introduction and Policy Aim The Royal Borough of Windsor and Maidenhead (the Council) recognises the need to protect Council

More information

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS The Leeds Teaching Hospitals NHS Trust Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS 1. Introduction The Research Governance Framework for Health & Social

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy The Newcastle upon Tyne Hospitals NHS Foundation Trust Occupational Health Records Management and Retention Operational Policy Version No. 1.0 Effective From: 9 October 2013 Expiry Date: 30 September 2016

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

Privacy & Security Standards to Protect Patient Information

Privacy & Security Standards to Protect Patient Information Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

Road to Recovery Fact Sheet

Road to Recovery Fact Sheet Road to Recovery Fact Sheet What is the American Cancer Society s Road to Recovery program? Road to Recovery is an American Cancer Society program designed to ensure that cancer patients have transportation

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Bexley Safeguarding Children Board. Information Sharing and Secure Document Transfer Guidance

Bexley Safeguarding Children Board. Information Sharing and Secure Document Transfer Guidance Bexley Safeguarding Children Board Information Sharing and Secure Document Transfer Guidance All professionals who work with children and young people, or with adults who are parents or carers, should

More information

Remote Working and Portable Devices Policy

Remote Working and Portable Devices Policy Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review

More information

NHS Fife. Your Business @ Risk - Information Governance and Security Survey

NHS Fife. Your Business @ Risk - Information Governance and Security Survey NHS Fife Your Business @ Risk - Information Governance and Security Survey Prepared for NHS Fife September 2014 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability

More information

Information Governance

Information Governance Information Governance What you will learn in this session? 1. Principles of Information Governance and their application to health and social care organisations 2. Accessing Information Governance resources

More information

Bulk Data Transfer Guidelines

Bulk Data Transfer Guidelines Bulk Data Transfer Guidelines This procedural document supersedes: CORP/ICT 20 v.1 Bulk Data Transfer. Did you print this document yourself? The Trust discourages the retention of hard copies of policies

More information

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury

More information

Acceptable Use of ICT Policy For Staff

Acceptable Use of ICT Policy For Staff Policy Document Acceptable Use of ICT Policy For Staff Acceptable Use of ICT Policy For Staff Policy Implementation Date Review Date and Frequency January 2012 Every two Years Rev 1: 26 January 2014 Policy

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

ICT POLICY AND PROCEDURE

ICT POLICY AND PROCEDURE ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

INFORMATION GOVERNANCE STAFF HANDBOOK AND CODE OF CONDUCT

INFORMATION GOVERNANCE STAFF HANDBOOK AND CODE OF CONDUCT e-health Cumbria INFORMATION GOVERNANCE STAFF HANDBOOK AND CODE OF CONDUCT TABLE OF CONTENTS 1. INTRODUCTION... 4 2. INFORMATION GOVERNANCE... 4 3. WHAT DO YOU NEED TO KNOW ABOUT INFORMATION GOVERNANCE?..

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Best practice guidance for information security within Choose and Book May 2009

Best practice guidance for information security within Choose and Book May 2009 Best practice guidance for information security within Choose and Book May 2009 Best practice guidance for information security within Choose and Book This guidance has been prepared to help organisations

More information

Data Transfer Policy. Data Transfer Policy London Borough of Barnet

Data Transfer Policy. Data Transfer Policy London Borough of Barnet Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).

More information

Information Governance Training Booklet for Pharmacy Staff January 2010

Information Governance Training Booklet for Pharmacy Staff January 2010 Information Governance Training Booklet for Pharmacy Staff January 2010 dra_schwartz/istock 2 Introduction To ensure compliance with the law and NHS requirements, all staff working in pharmacies that have

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Recor Records Management Policy - A Guide For Senior Managers

Recor Records Management Policy - A Guide For Senior Managers RECORDS MANAGEMENT POLICY Title: Purpose of Policy: Directorate Responsible for Policy: Name and Title of Author: Records Management Policy To ensure that Trust staff follow a corporate approach towards

More information

The Care Record Guarantee Our Guarantee for NHS Care Records in England

The Care Record Guarantee Our Guarantee for NHS Care Records in England The Care Record Guarantee Our Guarantee for NHS Care Records in England January 2011, version 5 Introduction In the National Health Service in England, we aim to provide you with the highest quality of

More information

Information Governance

Information Governance Information Governance Staff Handbook Page 1 of 30 Information Governance Staff Handbook for: Name: Address: Contact Tel No: Mobile No: This handbook has been produced by the NHS Lancashire Cluster Information

More information

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )

ITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy ) ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use

More information

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Information Security Policy Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Document Information Trust Policy Number : ULH-IM&T-ISP01 Version : 3.1 Status : Approved Issued by : Information Governance

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;

More information

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Mobility and Young London Annex 4: Sharing Information Securely

Mobility and Young London Annex 4: Sharing Information Securely Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

By the end of this course you will demonstrate:

By the end of this course you will demonstrate: 1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health

More information