Data Security and Protection Policy

Introduction

The Data Protection Act 1998 (DPA) requires a clear direction on Policy for security of information within the practice.

The policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.

The following is a Statement of Policy which will apply.

The Policy

  • The practice is committed to security of patient and staff records.
  • The practice will display a poster in the waiting room, explaining the practice policy to patients.
  • The practice will make available a brochure on Access to Medical Records and Data Protection for the information of patients.
  • The practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. This will include training on Confidentiality issues, DPA principles, working security procedures, and the application of Best Practice in the workplace.
  • The practice will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
  • The practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
  • DPA issues will form part of the practice general procedures for the Management of Risk.
  • Specific instructions will be documented within confidentiality and security instructions and will be promoted to all staff.

Data Protection Act – Patient Information

We need to hold personal information about you on our computer system and in paper records to help us to look after your health needs.

Please help to keep your record up to date by informing us of any changes to your circumstances.

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. Your doctor is responsible for their accuracy and safe-keeping.

From time to time, it may be necessary to share information with others involved in your care. Anyone with access to your record is properly trained in confidentiality issues and is governed by both a legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you.

Information will not be disclosed to family, friends, or spouses unless we have prior written consent, and we do not leave messages with others.

You have a right to see your records if you wish. Please contact reception if you would like further details and our patient information leaflet. An appointment will be required. In some circumstances a fee may be payable.