Confidentiality Policy
QMS adheres to the Department of Health Confidentiality NHS Code of Practice (November 2003).
We will adhere to the Caldicott Principles, as detailed in the above. The principles of data collection are:
- Justify the purpose.
- Don’t use patient identifiable information unless it is absolutely necessary.
- Use the minimum necessary patient identifiable information.
- Access to patient identifiable information should be on a strict need-to-know basis.
- Everyone should be aware of their responsibilities.
- Understand and comply with the law.
QMS staff will occasionally be in contact with confidential and sensitive information, including individuals’ health care records. All confidential data needs to be handled according to any applicable legal requirements and according to this policy.
Note the following key points:
- No data must be removed from GP practices without permission of the practice. Where data is removed from the practice with the practice’s permission, it must be protected with a strong password. Confidential data should not normally be removed from QMS premises. If it is necessary to store confidential information on a laptop, it must be encrypted as well as protected with a strong password.
- Confidential information must never be disclosed to any third party without explicit authorisation.
- No confidential data must ever be sent by unencrypted email or post.
- When extracting data for PCT use, QMS adheres to the “PCT data collection agreement”. PCTs are expected to have their own agreements in place with practices.
- When contracted directly to work with practices, QMS adheres to the “Confidentiality statement between QMS and named general practice”. Practices and QMS will sign this agreement prior to commencing work.
- QMS employees will be trained in confidentiality and are obliged to comply with this policy.
- When viewing patient identifiable data, QMS staff should be supervised on site by a member of the practice staff.
- When QMS have access to sensitive or patient identifiable data, we will not add, amend or delete any data.
- QMS staff should have their own log-in and password if accessing patient data, to allow tracking of actions in the computer audit trail.
- If we receive confidential data in error, we will notify the person who sent the data immediately and destroy the data.
- Where QMS has access to patient identifiable data, we will not reveal any of this information to a third party, except where we are required to do so by law or where patient safety is compromised.
Security Policy
- Computer screens with access to sensitive data should be locked when unattended.
- Any room where access to sensitive data is possible must be locked when unattended.
- Sensitive data must not be left on desks, and should be kept in a lockable storage area. Confidential paper waste should be shredded.
- Sensitive data will be kept in a separate data area on the shared drive.
- If patient identifiable data is kept temporarily on QMS computers, it will be securely encrypted.
- Data saved during backup procedures will be encrypted.
- If sensitive data is transported (for example on laptops or memory sticks), it will always be encrypted. QMS employees will adhere to the “Secure Remote Access Policy”.
- QMS requires all computer users to use strong passwords.
- Where practices allow QMS to use a remote log in for customer support, they should read and agree with the “QMS Secure Remote Login Overview” confidentiality statement.
- QMS will not keep sensitive data any longer than is required and will dispose of such data securely. In particular, sensitive data, including anonymised patient data, will be shredded.
- QMS will ensure the secure disposal of any redundant hardware and software to ensure data can never be read and is permanently deleted.
- QMS adheres to a secure “Wireless use policy”.
- Visitors to the QMS office will be required to see and agree to our confidentiality policy.
- QMS has a business continuity plan to ensure secure backup of data off site, and allow it to continue its business in the event of data loss from the main site.
- QMS keeps copies of insurance policy documents off site as well as in the office.
Data protection – QMS complies with the requirements of the Data Protection Act.