Personal Data Handling and Sharing Policy

Originator: Richard Gibson, Date: 20 June 2012
Verifier: Lynda Oliver, Date: 20 June 2012
Reviewed: Richard Gibson, Lynda Oliver, Date: July 2013

Contents
1. Introduction
2. Purpose of the Policy
3. Responsibilities
4. Data Gathering
5. Use of Data
6. Patient Rights
7. Sharing of Data
8. Scope
9. Procedures
10. Approval
1. Introduction

The Outside Clinic has an obligation to define the requirements for how we process data and how it is handled within the organisation structure.

2. Purpose of the Policy

The purpose of this Policy is to define why data is collected, how it is used and how data is kept confidential. It also sets out the parameters for all employees of The Outside Clinic who are involved in sharing patient identifiable/sensitive information outside the organisation.

3. Responsibilities

The Data Controller is responsible for keeping patient information confidential. The Data Controller is the Head of Operations.

4. Data Gathering

The Outside Clinic keeps records about patients' health and any treatment and care that is provided. These records help to ensure that we deliver the best possible care. The records may be written down (manual records) or held on computer. These records may include:

- Basic details about the patient, such as address and date of birth.
- Contact we have had with the patient, such as eye and hearing examinations.
- Notes and reports on the patient's health.
- Details and records about the patient's treatment and care.

Some of this information will be held centrally to be used for statistical purposes. In these instances we take strict measures to ensure that individual patients cannot be identified. The information will only be used with their consent, unless the law requires us to pass on this information.

5. Use of Data

Patient records are stored so that they can be used to guide and administer the care that is provided to them. Our medical professionals involved in their care have accurate and up-to-date information to assess their health and decide on the most appropriate care for them. Patient concerns will be fully investigated if a complaint is raised.
The Outside Clinic will ensure that the appropriate information is available if the patient attends another medical professional or is referred to a specialist, their GP or another part of the NHS or a similar organisation.

6. Patient Rights

Patients have a right of access to the information that we hold about them. The information can be provided by the patient making a request in writing to the Data Controller. We are required to respond within 40 days. The patient will need to give The Outside Clinic adequate information to ensure that the patient's identity can be verified.
7. Sharing of Data

It is the Policy of The Outside Clinic to share patient information appropriately in order to ensure seamless and appropriate care for patients. Every member of staff has a contractual obligation to pass on or share patient identifiable information safely and securely. The Outside Clinic acknowledges that patients have a right to be aware when their data is being shared. If the sharing does not contribute to, or support the delivery of, their care, then their written consent may be required. The sharing will be carried out in a safe environment and within the constraints of the Data Protection Act 1998, the Data Protection Principles and the Caldicott Principles.

8. Scope

This Policy applies to all patient identifiable or The Outside Clinic sensitive information, be it manual or electronic, that is being shared or is planned to be shared with another organisation or individual.

9. Procedures

Postal Security

Envelopes should be securely sealed, clearly addressed to a known contact and marked "confidential" and "addressee only". A return-to-sender address should also be marked on the envelope.

Telephone Security

Telephone validation or callback procedures should be followed before disclosing information to someone you do not know, to confirm their identity and authorisation.

Fax Machine Security

All fax machines which could receive patient information when unsupervised must be in an area that can be locked, so that unauthorised staff or the general public cannot gain access to them. Confidential information should only be sent by fax where absolutely necessary. If you do send information that identifies a patient, always send a cover sheet with the fax which contains the statement "This fax is confidential and is intended for the person to whom it is addressed." When faxing patient information, steps must be taken to minimise the risk of misdialling. Pre-programmed dialling is recommended and you should never dial from memory.
Never send a fax to an unsupervised machine unless it is designated "safe haven" or secure. Make sure that an appropriate person is available to receive the fax. It is good practice, after sending the fax, to make sure that the right person has received it. Confidential information sent via fax should be accompanied by a phone call to the recipient. Coded numbers should be used instead of names/addresses wherever possible. The data should be anonymised where possible and kept to a minimum.

Email Security

Emailing patient confidential information is only permitted if it is encrypted, where system-to-system networks are known to be secure, or by use of an NHSnet email address.
Using Anonymised or Pseudonymised Information

Anonymising data means removing factors that would enable an individual to be identified, and is the method to be used for the sharing of bulk data. Pseudonymisation is the process of applying a pseudonym to replace person identifiable information, and can be used with certain IT programs when transferring information concerning individuals.

Encryption

All portable media (laptops, data sticks, etc.) that are to be used for the downloading of patient identifiable/sensitive information must be:

- Supplied by The Outside Clinic.
- Encrypted.

Any enquiries about encryption should be addressed to the Hardware and Network Manager.

Data Sharing

Examples of data sharing are:

- Patient data returns to NHS England and Health Authorities.
- Communications with GP Practices.
- Copies of records being supplied to other hospitals taking over the care of the patient because, for example, the patient has moved.
- Outsourcing initiatives.
- Clinical audit or research.
- Patient information being shared with other health care agencies.

Staff and Training

Reference to Data Sharing is part of Information Governance training that takes place at induction and at mandatory updates.

10. Approval

This policy has been approved by the undersigned and will be reviewed on an annual basis.

Originator: Richard Gibson, Date: 20 June 2012
Verifier: Lynda Oliver, Date: 20 June 2012
Authoriser: Richard Gibson, Date: 20 June 2012