your hospitals, your health, our priority

STANDARD OPERATING PROCEDURE: Safe Haven Procedure TW10-110 SOP 3

SOP NO: TW10-110 SOP 3
VERSION NO: 3
APPROVING COMMITTEE: Information Governance Committee
DATE THIS VERSION APPROVED: July 2013
RATIFYING COMMITTEE: PARC (Policy Approval and Ratification Committee)
DATE THIS VERSION RATIFIED: July 2013
AUTHOR(S) (JOB TITLE): Information Governance
DIVISION/DIRECTORATE: IM&T
TRUST WIDE SOP (YES/NO): Yes
LINKS TO OTHER POLICIES, SOPs, STRATEGIES ETC: TW Information Governance Policy
Date(s) previous version(s) approved (if known): Version: 2, Date: April 2011
DATE OF NEXT REVIEW: July 2016
Manager responsible for review (Job title) (N.B. This should be the Author's line manager): Head of Information Governance

AT ALL TIMES, STAFF MUST TREAT EVERY INDIVIDUAL WITH RESPECT AND UPHOLD THEIR RIGHT TO PRIVACY AND DIGNITY

Contents

1. Introduction
2. Definitions
   2.1 Safe Haven
   2.2 Personal Information
   2.3 Sensitive Information
   2.4 Bulk / Batch Data
3. Physical Security
4. Transfer of information by post
   4.1 Receiving confidential post
   4.2 Sending mail externally
   4.3 Sending mail internally
5. Transfer of information by fax
6. Transfer of information by email
   6.1 Sending personal / sensitive information by email
7. Transfer of data using NHS Secure File Transfer Service
8. Transfer of information to supplier / third party
9. Transfer of information via telephone
10. Transfer of information verbally via face to face conversation
11. Transfer of information via notice boards / whiteboards
12. Transfer of paper health records / casenotes
13. Electronic information
14. Disposal of sensitive / personal / confidential waste
15. Incident Reporting
16. Human Rights Act
17. Accessibility Statement
18. Audit, Monitoring and Review
19. Equality & Diversity

Appendices
App 1: Staff Guidance regarding Clear Desk / Screen
App 2: Monitoring and Review Template

1. Introduction

1.1 Every day the Trust collects vast amounts of personal and sensitive information about patients and staff. This information is not the property of the Trust; it belongs to the people we collected it from, and we are the custodians of this data. We are responsible for the safe keeping and security of all information that we process.

1.2 As a data collector and information user, you are responsible for ensuring that you process this information with care and respect. It is your responsibility to protect this information from those who are not authorised to use it or view it. You must ensure that, whilst in your care and when transporting this information to somebody else, it is handled securely with an associated information risk assessment (if necessary) in order to comply with the Data Protection Act 1998 and Caldicott principles.

1.3 Therefore, all NHS organisations require safe haven procedures to maintain the privacy and confidentiality of the personal and sensitive information they process. The implementation of these processes facilitates compliance with legal requirements placed upon the Trust.

1.4 This procedure provides you with advice and guidance on how to transport personal and sensitive information securely using safe haven processes. It sits under the Information Governance Policy. If you require further advice and guidance, please contact the Information Governance Department.

1.5 The principles for transporting / transferring information are:
1. Information should only be transferred for a justifiable purpose
2. The transfer should only take place when absolutely necessary
3. Only the minimum amount of information necessary must be transferred
4. The information transferred should be on a need to know basis

2. Definitions

2.1 Safe Haven
The term Safe Haven refers to a location (or in some cases a piece of equipment) situated on Trust premises where security arrangements are in place to ensure personal and sensitive information can be transported securely.

2.2 Personal Information
This is data falling into one or both of the categories below.

A. Any information that links one or more identifiable living persons with information about them whose release would put them at significant risk of harm or distress.

1. One or more of the pieces of information which can be used along with public domain information to identify an individual:
Name / addresses (home or business or both) / postcode / email / telephone numbers / driving licence number / date of birth
[Note that driving licence number is included in this list because it directly yields date of birth and first part of surname]

combined with

2. Information about that individual whose release is likely to cause harm or distress:
Sensitive personal data as defined by s2 of the Data Protection Act, including records relating to the criminal justice system, and group membership / DNA or finger prints / bank, financial or credit card details / mother's maiden name / National Insurance number / Tax, benefit or pension records / health records / employment record / school attendance or records / material relating to social services including child protection and housing

These are not exhaustive lists. Departments should determine whether other information they hold should be included in either category.

B. Any source of information about 51 or more identifiable individuals, other than information sourced from the public domain. This could be a database with multiple entries containing facts mentioned in box 1, or an electronic folder, disc, or paper records containing 51 or more records about individuals. Again, this is a minimum standard. Information on smaller numbers of individuals may warrant protection because of the nature of the individuals, nature or source of the information, or extent of information.

2.3 Sensitive information
Sensitive information is classed as follows:
1. Health or physical condition (this is the main type of information the Trust processes)
2. Sexual life
3. Ethnic origin
4. Religious beliefs
5. Political views
6. Criminal convictions

This type of information requires further protection than personal information.

2.4 Bulk data / batch data
Bulk data or batch data is personal and / or sensitive information relating to 50 or more individuals.

3. Physical Security

3.1 Doors and windows should be locked when the room is unattended, and external protection should be considered for windows, particularly at ground level.

3.2 Manual paper records (including casenotes) which contain personal and sensitive information and business confidential information must be locked in cabinets / cupboards / offices when not in use to prevent unauthorised access. They must not be left in areas where unauthorised access could occur, for example, hospital corridors or ward areas where access to notes is easily obtainable.

3.3 Computer / laptop screens must not be left unlocked or left with personal / sensitive information on view. You must use a secure screen saver function, or log off or close down if no longer in use.

3.4 Restrict and secure access to rooms / offices where personal and sensitive information is left unattended. If a room can be locked without compromising patient care, then lock it. In areas where access cannot be restricted, for example, reception desks, patient information must not be left on view. If you have concerns about this, please complete an information risk assessment.

3.5 Only have the minimum amount of information necessary on your desk for you to carry out your work, particularly in shared office spaces and ward areas (usually known as Clear Desk / Clear Screen; see Appendix 1). All information containing personal / sensitive or business confidential information must be securely locked away when not in use. Access codes and keys which allow access to this information must also be stored securely.

3.6 Do not walk away from a computer / laptop or device leaving personal / sensitive information exposed.

3.7 Do not use insecure postal box locations / pigeonholes. Ensure post is delivered to and collected from secure areas.

3.8 If documents containing personal / sensitive information come into your possession and you are not the intended recipient, you must inform the intended recipient immediately that it was sent in error. Please report this incident on DatixWeb. Await instructions from the IG Department before sending the information back.

4. Transfer of information by post

The Trust is moving towards paper-lite and paper-less methods of processing personal / sensitive information. However, a vast majority of personal / sensitive information is still sent via internal and external post.
External mail / post / parcels: this is paper mail / packages / post sent or received from outside the Trust via Royal Mail or a specified courier.

Internal mail / post / parcels: this is paper mail / post / packages sent internally across the Trust sites.

4.1 Receiving confidential post
Confidential mail is to be opened away from public areas and by the addressee or designated personnel only. Envelopes marked "Private and Confidential" and / or "Confidential" should be opened by the named staff member or department (if no staff member is named) who has a need to know. Where information needs to be restricted to a named individual, for example, human resource information, the envelope must be addressed "Private and Confidential" to be opened by the recipient only.

4.2 Sending mail externally
Sending mail to patients: post that is sent out to patients should be addressed clearly and marked "Private and Confidential". The patient's name and correct address with postcode must be stated.

Sending mail to staff in another organisation: all post must be addressed clearly by ensuring the recipient's name is stated, along with their job title and the address where the correspondence is being sent. When sending out information in the post where the recipient might not be clear as to the identity of the sender, staff should ensure that either a compliment slip is included or that the enclosure / letter clearly states the name, title and contact details of the sender.

Please note the following must be adhered to when sending personal / sensitive information:
1. Ensure the seal of the envelope / package is tamper proof. For example, place a piece of sellotape / sticky tape over the seal rather than using the seal itself to close the envelope. A return label over the seal is also good practice. This informs the receiver (who is not the correct recipient) who to send it back to and acts as a tamper seal. Self seals often come unstuck and loss of data can occur.
2. Record what you have sent so you can track and remember when you sent it, in case of loss or queries.
3. For batches / bulks of personal / sensitive data use recorded delivery and / or courier. Always get confirmation of receipt.

As the Trust is moving toward using paper-lite methodologies, consider using electronic methods to securely transport the information rather than using paper methods.

4.3 Sending mail internally
Internal mail envelopes are normally used to transport mail internally from one department to another. Before using internal envelopes to send personal and sensitive data on paper, please consider using electronic methods to send this securely. However, if you are using internal mail to send personal / sensitive information, please ensure the envelope is clearly labelled with the recipient's name, job title, department and base. Please use a blank envelope and not the internal envelopes which have printed squares on, as mail is often lost using these envelopes. These envelopes are not ideal as you are instructed to tuck the lip of the envelope into the envelope and not to seal. Please do not follow these instructions, and ensure envelopes are always securely sealed and clearly labelled. It is also good practice to use 2 envelopes when sending personal / sensitive information via internal mail.

5. Transfer of information by fax

5.1 Faxes are commonly used to send / receive personal / sensitive information. However, this is one of the highest risks regarding breaching patient confidentiality, and the Information Commissioner's Office (ICO) has served monetary penalties on organisations who have sent faxes to incorrect numbers. Therefore, you must ensure electronic methods are used as a first priority to send personal / sensitive information rather than faxing this information. In addition, the Trust is phasing out the use of fax machines in order to support the paper-lite initiative.

5.2 Faxing personal and sensitive information must only be used when patient safety or their care and treatment is jeopardised and no other method of communication will suffice. This must be risk assessed in all cases. If you require further information, please contact the Information Governance Department.

5.3 Please also refer to the "Faxing: What to do" guidance document that is associated with this procedure.

6. Transfer of information by email

Please refer to the IT Acceptable Use Policy for further information about the use of email at the Trust.

6.1 Sending personal / sensitive information by email
Transfer of personal / sensitive information by email must be avoided unless the email is encrypted. You can use NHSmail or the Trust encrypted email service for external recipients. Sending emails internally is secure, but if you are sending personal / sensitive data, please put this information into an attachment (for example, an Excel spreadsheet or Word document), password protect this attachment and then send it to the recipient. To find out more about how to use the Trust encrypted email service, please visit the IT Training pages.

Before you send personal / sensitive information using an encrypted email, you must:
1. Double check that you have the correct recipient(s) before pressing Send secure. Emails containing personal and sensitive data sent to the wrong recipient, even if this is a WWL member of staff, are a breach of confidentiality if the other member of staff did not need to see the personal / sensitive information.
2. Mark the message confidential and request a read receipt.
3. Be aware that your email can be forwarded by the initial recipient to third parties. Inform them if they are not to disclose the information further.
4. Use the minimum amount of personal information, particularly in subject titles and document names.
5. Any attachments containing personal / sensitive data must be password protected. Do not include the password for the attachment in the same email as the attachment. Send a second email with the password in, or telephone / use communicator to inform the recipient of the password.
6. When in receipt of personal / sensitive information, remove it from your email system as soon as possible and file it in a network folder if required.
7. Do not keep personal / sensitive data on email for longer than is necessary.
8. If you allow delegate access to other people to your inbox, consider whether they need to see any personal / sensitive data you receive.
9. Anonymised information can be sent via email outside the Trust.

7. Transfer of data using NHS Secure File Transfer Service

The Secure File Transfer (SFT) service is provided by the NHS to allow members of the NHS to securely exchange patient identifiable data or NHS business information between nhs.net (NHSmail) addresses. Usage must be in accordance with Caldicott guidelines, and patient consent must be sought where appropriate. All files sent via this utility are held encrypted on a database for a maximum of 3 days, after which they are purged to release space on the server. For added security, users must register their email address prior to using this utility to either download or upload files. To obtain an NHSmail (@nhs.net) address, staff will be required to contact the IT Department to request one. The Secure File Transfer service can be used to transfer files up to 1GB in size. For additional information, please visit the Secure File Transfer online help page.

8. Transfer of information to suppliers / third parties

Transfer of personal, sensitive or confidential business information must be duly authorised. It is now a mandated requirement that all NHS organisations ensure there are no transfers of unencrypted personal / sensitive or business critical information. If you need to transfer information to and from a third party which contains personal / sensitive or business confidential information, there are 3 authorised Trust methods of transfer. You must complete a Data Transfer Request Form (Appendix 1) which will need to be authorised.

8.1 Data Transfer Options

Option 1: Transfer via secure (256 Bit AES encryption with 64 character high strength password) ZIP file over unsecure Internet to the supplier's unsecure FTP server.

Option 2: Transfer via secure (256 Bit AES encryption with 64 character high strength password) ZIP file over unsecure N3 to another NHS Organisation on N3.

Option 3: Transfer using a secure courier service (using the process as described in Appendix 1) via secure (256 Bit AES encryption with 64 character high strength password) ZIP file stored on a:
- USB Encrypted Memory Stick
- Hard Disk Encrypted
- Compact Disc Media
- Digital Versatile Disc
- Tape Media

The transfer of patient / clinical data must be authorised by:
- The Information Asset Owner
- The Caldicott Guardian
- Information Security Manager and / or Information Governance Department

The transfer of business data must be authorised by:
- The Information Asset Owner
- The Senior Information Risk Owner
- Information Security Manager and / or Information Governance Department

If you do not obtain authorisation from the above regarding the data transfer then the process will not be undertaken. Please contact IT Services who will advise you of the best method to transfer the data.

9. Transfer of information via telephone

Please follow the guidelines below when discussing confidential information on the telephone.

What information can be provided to relatives / legal representatives?
1. Check the identity of the caller and the full name of the patient they are enquiring about. Ask if you can call them back to confirm their identity.
2. Ask the patient if you can provide information to callers, and check which callers you can provide information to if they telephone asking for information. If you are unable to seek consent from the patient then please seek advice from a senior member of staff regarding whether information can be disclosed in the patient's best interests. You may also want to set up a password system that only callers who know the patient know and inform you of when they telephone.

3. If you are ever unsure, do not disclose the information and contact the Information Governance Department for advice and guidance.

What information can you give to the police?
1. Always refer the request to the Access to Health Records Department / Information Governance Department or a senior clinician in charge when police ask for information about a patient. If you have the patient's consent and this is documented, you can release. However, the police do try to obtain information by not following the correct process under the Data Protection Act. Always seek advice.

What information can you provide to other NHS staff?
1. First of all, are they a member of staff? Check their identity (name, department and nature of the enquiry) and telephone them back. If you are unsure of the caller's identity, contact the Information Governance Department.
2. Second, ask why they need the information. If they are providing the patient's care and treatment then information can be shared with them as long as the patient has been informed. If not, do they need to know the information and have a justified reason for asking for it? Remember the Caldicott principles.
3. If there is a genuine need for clinical information to be released, be aware of others who may be listening. Ensure you cannot be overheard.

What information can be provided to a patient's employers?
1. No information can be provided to the patient's employers without the explicit consent of the patient concerned. Please contact the Information Governance Department for advice and guidance.

9.1 Answer phone / Voice mail messages
If you are required to contact a patient by telephone, obtain consent from the patient in advance to establish whether they are happy for you to leave a message. If you are required to leave a message on a patient's answer phone or voicemail without prior consent, for example the cancellation of an appointment at short notice, do not disclose any clinical / sensitive information. Only leave contact details and a brief message to call you back on the required telephone number. Do not leave messages for patients if there is any doubt regarding the validity of the telephone number.

The information risks of leaving messages are:
1. Who might hear the message?
2. Are you sure that you have telephoned the correct number?
3. Will the recipient fully understand the content of the message?
4. Can you be certain the message has been received by the patient?
5. You may inadvertently breach patient confidentiality because the patient's friends or relatives may not know the patient is receiving health care.

10. Transfer of information verbally via face to face conversations

When patients are registering for a service at a reception desk and are required to give personal information verbally, ensure this cannot be overheard by others. In some areas this is more difficult, for example, A&E reception. Therefore in areas such as this, where staff are faced with other risks to their health and safety, this risk is balanced against the risk of breaching confidentiality in the patients' and staff's best interest. During ward rounds when patients' details are being discussed, staff should bear in mind that they might be overheard by other patients, staff, visitors etc. in the area. Whilst it is appreciated that it is difficult to manage confidentiality in situations like these, staff are expected to be aware of the possible information risks and do all they can to respect confidentiality. It is not appropriate to discuss personal information in corridors, stairways and when using Trust transport facilities (staff minibus).

Face to face requests for personal information
You may be asked the whereabouts of a patient, e.g. if you are working on a reception area. You must ensure that the enquirer has a right to see the patient and undertake some checks to verify this as follows:
- Ask the enquirer for details about the patient such as name, relationship with the patient, location of patient
- Contact the relevant ward / area and confirm whether the enquirer can visit the patient (this may be via telephone / face to face) by asking the patient and obtaining consent. If consent cannot be obtained, speak to a senior member of the team on the ward / area who will then make the decision whether the visitor can see the patient.

11. Transfer of information via notice boards / white boards

11.1 White boards and notice boards above patients' beds and in other patient areas should only display patient information when the patient has consented to this, and not because staff require this information to be displayed. Alternatives to whiteboards / notice boards must be used, such as electronic methods / systems to check the status of patients on a ward. You must use confidential methods of communicating information about patients with each other.

If a patient has consented for their information to be displayed then the minimum amount of personal identifiers must be used, for example, initials instead of the patient's full name and surname. If a patient insists that they do not want this information displayed, this wish must be respected and not overruled by Trust staff.

No other unnecessary personal identifiable information is to be displayed on white boards, such as address, date of birth and / or sensitive clinical details.

White boards must be located in areas where unauthorised viewing cannot occur (even other members of staff do not need to see this information). They should be located in offices / rooms with a locked door / key coded access.

12. Transfer of health records / casenotes

Paper health records / casenotes must be transported securely across the Trust at all times, whether this be via the transport system or if they are sent with a patient to another department / ward. They must not be sent without being securely wrapped or being placed in a securely sealed envelope. The wrapping or envelope must be securely sealed and correctly addressed with the full address of the destination they are going to. The notes must be tracked.

You are encouraged to use electronic systems for the care / treatment of patients rather than using the paper notes. If they are needed, please inform the relevant department not to send them to you. For further information, please see the Health Records Policies and Procedures and the Clinical Record Keeping Policy.

13. Electronic information

For advice and guidance regarding use of information systems and technology, please see the IT Acceptable Use Policy. Please adhere to the following:
1. Ensure portable equipment and media is securely locked away when not in use.

2. Keep your passwords confidential at all times. Never disclose them to anyone. Never disclose them to colleagues who use the same system as you because they need access. They must apply for access following Trust procedures. This can lead to disciplinary action.
3. Use strong passwords with a minimum of 6 characters and a mix of upper and lower case letters, numbers and characters / symbols.
4. Position computer screens / laptop screens so they cannot be viewed by unauthorised persons.
5. Always exit applications / systems when you have finished with them and always shut down fully at the end of the session / day.
6. Computer / laptop screens must be locked when you are away from your workstation / desk. To lock the screen press Ctrl, Alt and Delete and then click "lock computer", or press the Windows symbol and c, and the screen will be locked. To unlock, press Ctrl, Alt and Delete and then type in your password and the screen will re-appear immediately. You do not have to wait for the computer to restart.

14. Disposal of personal / sensitive information / confidential waste

14.1 When disposing of confidential waste / paper information containing personal / sensitive or business confidential information, there are only 2 secure methods, which are:
- Use a Shred-IT console. Each department is responsible for procuring a console and having regular collections.
- Use a cross cut shredder (not a single cut shredder, as the strips can be stuck together to view the information which was on the paper). The cross cut paper can then be recycled or disposed of via the general waste disposal processes.

Never put confidential information, whether this be on paper or electronic media, into a general waste bin (black bags).

Never put confidential waste into a bag (whether this be a green, black or blue bag) and never label the bag "Confidential Waste". You are advertising that the bag contains confidential waste, and you must not use bags to dispose of confidential waste anyway.

All removable media which contains personal and sensitive information must be disposed of in a confidential manner. For further information, please see the IT Acceptable Use Policy and / or contact the Information Security Manager / IG Department.

For the disposal of health records, please refer to the Health Records policies and procedures (located on the policy library on the intranet).

Ensure that records, whether they are clinical or non clinical, are kept for the minimum recommended length of time according to the Department of Health's Records Management: NHS Code of Practice (available via the Information Governance intranet pages).

15. Incident Reporting

Please ensure that information governance / information security incidents are reported as soon as possible using DatixWeb. If any of the processes highlighted in this procedure are not followed and / or are breached, this is an information governance incident and must be reported immediately. For further information about reporting information governance incidents, please see the Information Governance Incident Reporting Procedure on the Trust policy library on the intranet.

16. Human Rights Act

Implications of the Human Rights Act have been taken into account in the formulation of this policy and they have, where appropriate, been fully reflected in its wording.

17. Accessibility Statement

This document can be made available in a range of alternative formats e.g. large print, Braille and audiocassette. For more details, please contact the HR Department on (3766) or equalityanddiversity@

18. Audit, Monitoring and Review

The processes contained within this SOP will be audited, monitored and reviewed in line with the audit and monitoring template.

19. Equality and Diversity Assessment

The completed assessment is contained within the associated Information Governance Policy TW

APPENDIX 1

Staff Guidance regarding Clear Desk / Clear Screen Policy

The term clear desk / screen is used to ensure that when paper documents or electronic equipment / systems which hold personal / sensitive information are used, these remain secure when not in use and unauthorised access is prevented. This assists adherence to principle 7 of the Data Protection Act.

Clear Desk
- Outside working hours and when an area or office containing personal / sensitive and / or business confidential information is not being used or is left unattended, the information must be locked away securely either in a locked cupboard / cabinet, drawers or safes, or if these are not available the office itself must be locked to prevent unauthorised access.
- Removable media and portable IT equipment must be securely locked away when not in use.
- Printers must be checked to ensure that no personal and sensitive information is left on the printer. Double check before you leave the area.
- Before a patient enters a consulting room, all evidence of the previous patient's information must be removed from view (medical records, test papers, samples etc).
- Publicly accessible areas must be kept as clear as possible at all times; in particular medical records must not be left in public corridors or left in areas / stations where they can be easily viewed by others, stolen or accessed. This is a breach of confidentiality and the information must be moved to a secure area.

Clear Screen
- Outside working hours, users must log off and switch off computers / laptops.
- During working hours, computers / laptops unattended for short periods of time must be screen locked (Ctrl, Alt and Delete activates the password protected screensaver).
- During working hours, screens which show personal / sensitive information must be shielded from public view and other staff who do not need to see the information.

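POLICY MONITORING AND REVIEW ARRANGEMENTS

NAME OF POLICY: Safe Haven Procedure

Para: All
Audit / Monitoring requirement: 1. All procedure sections
Monitoring committee: IG Committee for all

Method of Audit / Monitoring:
1. IGTK evidence. Responsible person: IG Dpt. Frequency of Audit: Annually. Evidence: IGTK evidence. Location: IG Dpt / IG TK website.
2. IG Incidents and Complaints Logbook. Responsible person: IG Dpt. Frequency of Audit: Ongoing. Evidence: Logbook. Location: Logbook.
3. Confidentiality Audits. Responsible person: IG Dpt. Frequency of Audit: Annually. Evidence: Conf Audit Rpt. Location: IG Comm Ag & Mins.
4. Personal Data Flow Mapping Analysis. Responsible person: IG Dpt. Frequency of Audit: Annually. Evidence: Report. Location: IGTK website / IG Com.
5. DATIX RFI Module. Responsible person: IG Dpt. Frequency of Audit: Ongoing. Evidence: IG KPI Report. Location: Datix.
6. IG Training Compliance Statistics Report. Responsible person: IG Dpt. Frequency of Audit: Monthly. Evidence: IG KPI Report. Location: IG Comm / Trust Board.
7. IG Staff Survey. Responsible person: IG Dpt. Frequency of Audit: Annually. Evidence: Report. Location: IG Comm.
8. IG Patient Survey. Responsible person: IG Dpt. Frequency of Audit: Annually. Evidence: Report. Location: IG Comm.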


More information

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared; Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014

More information

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Information Governance. User Handbook

Information Governance. User Handbook Information Governance User Handbook 2 CONTENTS Page 1.0 INTRODUCTION TO INFORMATION GOVERNANCE 4 1.2 How This Guidance Will Help You! 4 2.0 KEY INFORMATION GOVERNANCE ROLES 5 3.0 INFORMATION GOVERNANCE

More information