Confidentiality of Patient Data
Confidentiality of Patient Data Protocol
Document control sheet
Document Title
Confidentiality of Patient Data
Version
04
Status
Final
Reference
Author
Hannah Lawrence
Date
18 April 2016
Document history
Version
Date
Author
Comments
01
18 April 2016
Hannah Lawrence
Review April 17
02
June 2018
Hannah Lawrence
Unchanged Review June 2019
03
10th June 2019
Leah Lawther
Unchanged Review Review June 2020
04
20th December 2021
Leah Lawther
Unchanged Review Review December 2022
05
10th January 2023
Leah Lawther
Unchanged Review Review January 2024
Contact details
Main point of contact
Telephone number
Email address
Postal address
Leah Lawther
01932 875001
3 Bousley Rise
Ottershaw
KT16 0JX
Introduction
This document sets out the arrangements in the practice for the confidentiality of patient data.
The Practice’s Responsibilities
The practice will ensure that employees fully understand all their responsibilities with regard to confidential data, by ensuring employees undertake Information Governance training and sign a written statement of the responsibilities they are undertaking towards the security of all data within the surgery. Competency will be assessed as an ongoing process and as part of the appraisal process.
The practice will continue to complete and submit the IG Toolkit self-assessment on an annual basis.
The practice will also ensure that arrangements are in place for the confidential disposal of any paper waste generated at work.
The practice strictly applies the rules of confidentiality and will not release patient information to a third party (other than those involved in the direct care of a patient) without proper valid and informed consent, unless this is within the statutory exempted categories such as in the public interest, or if required by law, in which case the release of the information and the reasons for it will be individually and specifically documented and authorised by the responsible clinician.
The practice follows the Health and Social Care Information Centre document “A Guide to Confidentiality in Health and Social Care, Sept 2013”.
Leaflet Wording (Patient Information Leaflet or Poster)
All patient information is considered to be confidential and we comply fully with the Data Protection Act 1998 and Caldicott principles. All employees in the practice have access to this information in relation to their role, have confidentiality clauses in their contracts of employment and have signed a confidentiality agreement. All staff members adhere to the Confidentiality: NHS Code of Practice 2003.
Where appropriate, patient information may be shared with other parties within the care team. However, they must be involved in the direct care of patients, based on implied consent. This will be on a “need to know” basis only and in order to ensure the safe, effective care of patients. Where a patient wishes information not to be shared within the team providing direct care, then they must discuss this with their GP.
Patient information will not be shared outside of the direct care team without consent being sought. An individual has the right to refuse to have their information disclosed, although this may have an impact on their care, and their wishes will be complied with.
It is imperative that when it is right to release details to 3rd parties that the information only includes what has been asked for and not necessarily the full record.
There are currently two national data extractions from which patients may wish to “opt out”:
1. Summary Care Record
The SCR enables healthcare staff providing care for patients in an emergency and from anywhere in England to be made aware of any current medications or allergies the patient may suffer from. This information from every patient record is sent electronically up to the Spine in order for this to happen. If patients wish their information to be withheld from the SCR, they can “opt out”. Please ask at reception for the SCR Opt Out Form or download one at:
systems.hscic.gov.uk/scr/library/optout.pdf
2. Care.data programme
In order to improve health services, NHS England has commissioned a modern data service from the Health and Social Care Information Centre (HSCIC) known as the “care.data programme” The aim of the service is to create a complete picture of care provided to patients by social care, GP practices and hospitals, and it will make use of patient information extracted from GP medical records.
Once this information has been linked to the data taken from hospitals, a new record will be created. This new record will not contain information that identifies you. The type of information that is then shared, and how it is shared, is controlled by law and strict confidentiality rules.
If you wish to “opt out” and prevent an extraction of information from your record being taken please ask for further information at reception.
At present, the proposed national roll-out of the care data program has been postponed and, rather than an immediate national roll-out, the HSCIC will be working with a number of “Pathfinder GP practices” that will test, evaluate and refine all aspects of the data collection process before it is applied nationally.
Protection against Viruses
Data is vulnerable to loss or corruption caused by viruses. Viruses may be introduced from floppy discs, CDROM/DVDROM, other storage media and by direct links via e-mail and web browsing.
Precautions to be taken
· Virus protection software is installed on ALL computer equipment.
· The supplier of our clinical software manages the anti-virus software version control and regular updates.
· New programmes should not be downloaded without the permission of the IT or practice manager. This reduces the risk of malware being downloaded and affecting the computer.
· Mobile phones should never be charged using PC USB sockets.