Patient-identifiable information takes many forms.
It can be stored on computers, transmitted across networks, printed or stored on paper, spoken or recorded.
The Practice will take all necessary steps to safeguard the integrity, confidentiality, and availability of sensitive information.
No staff member employed by the Practice (including temporary or agency staff) is allowed to share any patient-identifiable information unless it has been authorised by the Practice’s Caldicott Guardian.
Dr Ruth Crowley (GP) is the Caldicott Guardian at Avon Road Surgery
It is unlikely that any authorisation to share patient-identifiable data will be granted unless the access is on a need to know basis and justifiable against the Caldicott principles.
The Caldicott standard is based on the following six principles:
- Justify the purpose(s) – Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.
- Don’t use patient-identifiable information unless it is absolutely necessary – patient-identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
- Use the minimum necessary patient-identifiable information – Where use of patient-identifiable information is considered to be essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.
- Access to patient-identifiable information should be on a strict need-to-know basis – Only those individuals who need access to patient-identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes.
- Everyone with access to patient-identifiable information should be aware of their responsibilities – Action should be taken to ensure that those handling patient-identifiable information – both clinical and non-clinical staff – are made fully aware of their responsibilities and obligations to respect patient confidentiality.
- Understand and comply with the law – Every use of patient-identifiable information must be lawful. Someone in each organisation handling patient information should be responsible for ensuring that the organisation complies with legal requirements.
Training, Policies and Procedures
Avon Road Surgery takes their responsibilities for the security and protection of all patient-identifiable information very seriously.
All Practice staff have responsibility for compliance with the Caldicott standards.
To this end the Practice has:
- Confidentiality clauses in each employee’s employment contract;
- An Employee Handbook (outlining employee responsibilities);
- Policies, procedures and agreements to ensure any transfer of patient-identifiable information is compliant.