A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail including Generic Mailboxes

Transcription

1 A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail including Generic Mailboxes

2 Contents 1 Introduction 3 2 NHSmail Acceptable Use Policy 3 3 Objectives 4 4 General Principles 4 5 Caldicott Principles 5 6 Format for 5 7 Roles and Responsibilities 6 8 Relevant Documentation 10 9 Standard Operating Procedure (SOP) Development 10 2

3 1 Introduction NHSmail is a national and directory service, provided free of charge for NHS staff and developed specifically to meet BMA requirements for clinical between NHS organisations. In addition to having all of the facilities associated with a professionally managed local service, it has the facility of Generic Mailboxes, which for clinical services, supports patient identifiable data flows, and for non-clinical departments supports the transfer of sensitive information. The establishment of a secure service through NHSmail gives us the opportunity to use this service to send any sensitive information to other NHS colleagues. The NHSmail service uses encryption and other security measures to ensure that the information is protected in transmission, from the sender pressing the "send" button to the recipient opening the mail. The transmission of the information is only one part of the process, the steps taken before and after the transmission have to be clear and people's responsibilities have to be established to ensure that the security of this sensitive information is maintained throughout the process. All users agree to the terms and conditions of the Acceptable Use Policy upon registering their NHSmail account 2 NHSmail Acceptable Use Policy As part of the registration you must explicitly agree to abide by the Acceptable Use Policy (AUP). If you do not abide by the AUP then you may have your account suspended or closed. The NHSmail Team reserve the right to update the Acceptable Use Policy document as necessary. The Acceptable Use Policy can be accessed from within the NHSmail website by means of a link at the bottom of every page within the Tools view and the Folders view. A current copy is enclosed. Processes must be in place within the pharmacy to ensure that any changes made as detailed above are identified, communicated appropriately and acted upon when necessary. 3

4 3 Objectives The objectives of this document are to; 1. Define the purpose of sending sensitive information by 2. Define the roles and responsibilities of those involved 3. Provide a framework, which will ensure that the confidentiality of patient information is maintained. 4 General Principles The general principles which underpin the use of NHSmail are as follows: 1. The information will only be accessed by a restricted number of staff who have been made aware of the confidential nature of the data. 2. The staff will be given access to a minimum of information containing only information agreed in this document. 3. Patient identifiable information will be considered as strictly confidential. 4. Breaches of confidentiality will be considered as contravention of Caldicott Guidelines and the Data Protection Act There must be a Standard Operating Procedure (SOP) in place to cover all aspects of the management and use of with particular reference to maintenance of confidentiality. The maintenance of this SOP will be the responsibility of named Generic Mailbox Owner(s). 4

5 5 Caldicott Principles The following Caldicott Principles must be adhered to when handling patient identifiable and confidential information: Justify the purpose: every proposed use or transfer of patient identifiable information within or from another organisation should be clearly defined Do not use patient identifiable information unless it is absolutely necessary: patient identifiable information items should not be used unless there is no alternative. Use the minimum necessary patient identifiable information: where use of patient identifiable information is considered to be essential each individual item of information should be justified with the aim of reducing identification. Access to patient identifiable information should be restricted on a strict need to know basis: only those individuals who need access to patient identifiable information should have access to it and they should only have access to the information items they need to see. Everyone should be aware of their responsibilities: action should be taken to ensure that all staff are aware of their responsibilities and obligations to respect patient confidentiality. Understand and comply with the law: collection and every use of patient identifiable information must be lawful. 6 Format for The message must be identifiable for what it is, so that the recipient can identify it easily and take subsequent action. Sending Party: Message Title: Message Body: Attached Documents: All sending accounts used in community pharmacy must Specify a title to help identification e.g. " Prescriptions for collection from ABC Medical practice" Specify the purpose of the message and fully identify the sender name and contact details by means of an added standard signature. Describe the documentation that will be sent specifying the title and format of the documents to help identification e.g. "NHS Lothian ABC 5

6 7 Roles & Responsibilities 7.1 Personnel details/generic Mailbox (GM) access changes Those communicating and administering clinical workflows must have valid up-to-date directory entries that clearly describe role and function within the pharmacy. When the pharmacy GM was initially created, the details of all staff members authorised to have access was uploaded to the national NHSmail Directory. To enable updating of the NHSmail directory entries and to ensure pharmacy confidentiality, it is vital that any change to staff GM access is recorded and reported promptly. When a new member of staff joins the pharmacy they may require an NHSmail account and access to the pharmacy Generic Mailbox. When an existing member of staff leaves the pharmacy their access to the GM must be removed It is the responsibility of the GM owner to inform the health board LOA (Local Area Administrator) of all changes in a timely manner. Should there be changes to the GM owner it is the responsibility of the current GM owner to initiate all the changes required. The GM owner should contact NHS Lothian Local Authority Administrator (LOA) by directory.services@nhslothian.scot.nhs.uk and provide the following information New Member of Staff Full Name(including any middle initials) Job title - Position in Pharmacy Contractor Code Pharmacy Name Previous Contractor Code (if applicable) Previous Pharmacy name (if applicable) Staff member leaving Full Name(including any middle initials) Job title - Position in Pharmacy Contractor Code Pharmacy Name Remove from pharmacy GM Remove from Lothian directory (if applicable) Directory services operating hours are Monday Friday Changes will be processed the same day if received before noon and the next working day if received in the afternoon. 6

7 7.2 Access responsibility It is essential that all communications, including electronic mail in the pharmacy Generic Mailbox, are dealt with in a timely manner and acted upon as required. For this reason the GM must be checked at least three times daily spread across the working day. Nominated member(s) of staff should be allocated this task and at least one member of staff with this responsibility should be on duty throughout the pharmacy hours of business. NB. Staff authorised to access more than one pharmacy GM (e.g. locums and relief pharmacists), must ensure that they access the correct GM for the pharmacy in which they are working on that day. In extraordinary circumstances e.g. if no nominated member(s) of staff is on the pharmacy premises, clear instructions should be left to allow the Responsible pharmacist on duty to be able to access and use the locum account. The Locum Account log in and password must be stored securely and a documented process should be in place to ensure that if it has been used the NHS Lothian LOA is informed in order that a new password for the Locum account is issued. The LOA should be informed by directory.services@nhslothian.scot.nhs.uk on the next working day. Please provide the following information: Name of Pharmacy Contractor Code Lead Pharmacist Name and Pharmacy Address A letter will then be sent to the Lead Pharmacist/GM owner containing the new account password for the reset Locum account in a sealed envelope to be stored securely ready for use should further extraordinary circumstances occur. 7.3 IT security rules To ensure the security and confidentiality of GM data at all times, NHSmail personal passwords must not be shared. (see NHSmail Acceptable Use Policy. NB The section detail is subject to change therefore always access the most up to date version on-line from within the NHSmail website by means of the link at the bottom of every page within the Tools view and the Folders view.) 7

8 7.4 Sending As a Sender you must have processes to define How the information will be prepared and by whom When the information will be sent To whom the information will be sent How each outcome is dealt with i.e acknowledgement, lack of acknowledgement, incorrect recipient, failure of transmission Arrangements to cover times of absence. For the purposes of audit, it is important that users sending mail from the GM are identified appropriately. A signature including pharmacy address, phone and fax numbers must be included in outgoing messages as standard. The name of the message creator must also be added with Patient Identifiable Information NHSmail encrypts messages in transit, however content could be read by unauthorised personnel, before it is sent and/or after it has arrived at its destination. Procedures must be put in place to ensure the security of information while held on the pharmacy computer systems at both ends of the transmission. When sending patient identifiable information the Caldicott Principles must be considered (See Section 5 of this document) Clinical information should not be sent as an attachment unless a process has been agreed by the sender and the recipient. This process has to be agreed in advance of any communication. 8

9 7.5 Receiving As a Recipient you must have processes to define How acknowledgement of receipt will be done What is to be done with the information on receipt: print, store, copy To whom the information is to be made available following receipt How each outcome is dealt with i.e. need for acknowledgement, lack of receipt, incorrect receipt failure of transmission situations. Arrangements to cover times of absence Mail received into a Generic Mailbox must not remain there indefinitely i.e. opened mail should not be stored in the GM, it must be read and dealt with as appropriate. GM Owners must define a storage policy for mail which needs to be retained e.g. separate folders for different types of mail can be set up and actioned mail stored there. Items no longer required should be deleted, with the Deleted Items folder cleared regularly. All mail held in NHSmail counts towards the allocated storage capacity quota. GMs are allocated a 200Mb quota. Failure to manage this quota will result in inability to send or receive mail. is a method of communication, not a storage facility. NB Documents saved in the My Documents area of a PC are not encrypted therefore business related communication would be at risk in the event of a hard-drive theft Due to lack of encryption, NO patient identifiable or clinical information should be saved into the My Documents area of the PC In the event of a hard-drive failure, all documentation saved in My Documents would be lost if not backed up elsewhere All pharmacies should have a policy for the secure storage of confidential data and the storage of should be within this policy. 9

10 8 Relevant Documentation This framework has been drawn up taking into account the following Guidance documents; Caldicott Report as adopted by NHS Scotland. NHS Scotland Good Practice May Good-Practice-Guide-May-2012.doc.pdf NHS Scotland Information Security Policy %20Policy%20and%20Standards.htm#_Toc Standard Operating Procedure A Standard Operating Procedure (SOP) for the operation and management of the Generic Mailbox must be developed and NHS Lothian PCCO informed that this is in place and is operational. The GM owner has responsibility to ensure that this SOP is maintained and updated when any change is made to NHSmail or to processes within the pharmacy. Useful contacts Connection Issues: A problem with the pharmacy N3 connection will result in an inability to access the NHSmail web address. A check should be made to establish if other web sites can be accessed e.g. BBC, Google. If the pharmacy has lost Internet connection, a call should be raised with the epharmacy Helpdesk on specific issues contact : NHS Lothian ehealth Service Desk on Service-Desk.ehealth@nhslothian.scot.nhs.uk 10