Doctors and staff in the practice have access to your medical records to enable them to do their jobs. As part of delivering care to our patients and their families and carers we collect, store and use large amounts of personal data every day, such as medical records, personal records and computerised information. Information provided to us in confidence will only be used for the purposes changes. This policy sets out best practice guidance for all staff in managing information securely, legally and ethically. Ensure the information is correctly input into the practice’s systems. 6.2 Applicable data 6.2.1 For the purpose of this policy, personal data refers to information that relates to an identifiable, living individual, including information such as an online identifier, or an IP address. He also recommends a consideration of data protection at board level, in policy changes and in new projects. GDPR will apply to all personal security data held by practice and explicit consent will be obtained where appropriate. Your doctor is responsible for their accuracy and safe-keeping. Take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. Data Protection Policy. Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information. Personal data shall be processed fairly and lawfully.
Data Security and Protection Requirements – NHS Organisations Leadership Obligation 1 People: Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles Data Security Standard 1 All staff ensure that personal confidential data is … It is also linked to the Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole. Comply at all times with the above Data Protection Act principles. Data Security and Protection Policy . Everyone working for the NHS is required to comply with the General Data Protection Regulations, the Data Protection Act 2018, the Human Rights Act 1998 and the Common Law Duty of Confidence. In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. This will include training on confidentiality issues, DPA principles, working security procedures, and the application of best practice in the workplace. Ensure that any personal staff data requested by the CCG or NHS, i.e. Processing shall be lawful, fair and transparent 2. Data Security and Protection Policy The Data Protection Act 1998 (DPA) requires a clear direction on policy for security of information within the practice. completing our Change of Personal Details form, ask reception if you would like further details and our patient information leaflet. Policy and high level procedures for NHS England’s compliance with the Data Protection Act. The Information Governance Policy establishes this role. Understand that breaches of this policy may result in disciplinary action, including dismissal. From time to time, it may be necessary to share information with others involved in your care.
Data Protection Compliance Policy *Previously known as IG02 Confidentiality & Data Protection Policy, IG15 Data Encryption Policy, IG01 IG Policy, IG16 Risk Policy, IG13 Information Security Policy, Data Protection Impact Assessment Procedure Solent NHS Trust policies can only be considered to be valid and up-to-date if viewed on the intranet. Keeping your personal information secure. You have a right to see your records if you wish. We support fully and comply with the six principles of the Act which are summarised below: All employees will, through appropriate training and responsible management: We need to hold personal information about you on our computer system and in paper records to help us to look after your health needs. Personal data held must be adequate, relevant and not excessive. Include DPA issues as part of the practice general procedures for the management of risk. Please ask reception if you would like further details and our patient information leaflet. Data Protection & Security Policy provides guidance in line with sector best practice that is appropriate for the trust to allow relevant departments to produce the necessary policy and guidance for their area and to ensure that the applicable and relevant data protection controls are in place in line with the Department of Health, the wider NHS and health and social care requirements.