Information Governance

Transcription

1 Information Governance Safe Haven Procedures; Guidance for all BHR CCG Staff Fax Machines Postage Telephone Conversations

2 Fax Machines Confidential information faxed in emergency situations only Person Identifiable information (PID) is confidential Always double check the number with the recipient Always use pre-programmed numbers to avoid misdialling Contact the recipient informing them you will be sending them a Fax Ask the recipient to confirm safe receipt of information sent Chase receipt if necessary you must obtain assurance Personal details should be always be faxed separately from any clinical details. Fax Header must always be used Marked Private and Confidential, recipients name and the amount of pages you are transmitting in the fax

3 NHSmail to NHSmail is the only approved method for communicating confidential information by in the NHS The following domains only are secure when sending from NHS.net; NHS (*.nhs.net), GSi (*.gsi.gov.uk), CJX (*.police.uk or.pnn.police.uk) GSE (*.gse.gov.uk), GSX (*.gsx.gov.uk), GCSX (*.gcsx.gov.uk) HSCIC.gov (*hscic.gov), SCN (*scn.gov.uk), CJSM (*cjsm.net), HSCIC (*>hscic.uk) are secure domains that can also be used NHS.net to (e.g. is not secure If you require an NHS.Mail account, these can be provided by contacting GP IT support on floor 2 at Becketts House Confirm the address with the other party then double check for accuracy Don t forget to request a read or delivery receipt when sending the

4 Postage If you need to send hard-copy of PID, sensitive or confidential information Please ensure that: Envelopes are sealed, clearly and accurately addressed and marked Private and Confidential and Addressee Only Sign with your signature across the flap of the envelope then apply sello-tape for extra security (this will inform recipient if it has been tampered with during transit A reliable and approved courier service is to be used, however if courier service is missed; If using the post, use a service that has tracking only (Royal Mail Special Recorded delivery) Request that the recipient confirms they have received the information by adding a compliments slip asking for confirmation Recipients should ensure that any information (incoming mail) received has been delivered correctly For any transfer of Bulk person identifiable information (21 individuals or more contact IG Consultant for help, guidance and support

5 Telephone If request is from someone unknown - Confirm the name, job title, department and organisation Confirm the reason for the information request Take a contact telephone number e.g. main switchboard never a direct dial or mobile telephone number This helps to confirm identity. Check whether the information can be provided if unsure contact Caldicott Guardian If OK - Provide the information to the person who has requested it, recording what information was disclosed, to whom, time and date and justification for providing Never leave messages on answer machines detailing any person identifiable information Simply leave Name, time and a number for you to be contacted on a brief description for the purpose of your call

6 When it goes wrong ICO British Pregnancy Advice Service 7 March 2014 British Pregnancy Advice Service fined 200,000. Hacker threatened to publish thousands of names of people who sought advice on abortion, pregnancy and contraception. View a PDF of the British Pregnancy Advice Service monetary penalty notice North Staffordshire Combined Healthcare NHS Trust 13 June 2013 A monetary penalty notice has been served to North Staffordshire Combined Healthcare NHS Trust, after several faxes containing sensitive personal data were sent to a member of the public in error. View a PDF of the North Staffordshire Combined Healthcare monetary penalty notice

7 When it goes wrong ICO NHS Surrey 12 July 2013 A monetary penalty notice has been served on NHS Surrey following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site. Whilst NHS Surrey has now been dissolved outstanding issues are now being dealt with by the Department of Health. View a PDF of the NHS Surrey monetary penalty notice Brighton and Sussex University Hospitals NHS Trust 1 June 2012 A monetary penalty notice for 325,000 has been served on Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff including some relating to HIV and Genito Urinary Medicine patients on hard drives sold on an Internet auction site in October and November View a PDF of the Brighton and Sussex University Hospitals NHS Trust monetary penalty notice

8 What Next? Do ensure that you annually update IG Training MANDATORY FOR ALL Do ensure you read key IG policies and all other policies relevant to your role Do not take any unnecessary risks with information if in any doubt ASK! Do report all IG IS incidents and near misses Don t be afraid to ask for help if required