1. Relevant To
1.1 This policy is relevant to all employees of Littledown Surgery, including staff on honorary contracts, volunteers and third party contractors who process person identifiable information.
2. Introduction
2.1 This Policy is required in order to inform on the lawfulness and security of personal information, in line with the General Data Protection Regulation 2016, the Data Protection Act 2018 and Common Law Duty of Confidentiality.
2.2 This Policy provides staff with guidance on processing information in accordance with the principles and legal obligations of the Data Protection Act 2018, Confidentiality NHS Code of Practice, Caldicott Report 1997, Caldicott Review 2013 and National Data Guardian’s Review on Data Security, Consent and Opt-Outs.
2.3 This Policy also encompasses the Records Management Code of Practice for Health and Social Care 2016, which sets out the legal and professional responsibility of all staff in relation to the creation, use, storage and disposal of records in the performance of their duties.
2.4 Staff should be aware that all records are public records, including email and may be subject to Subject Access Requests and Freedom of Information requests.
3. Scope
3.1 This policy aims to inform staff of appropriate use of personal information and their reponsibilities.
4. Purpose
4.1 The purpose of this policy is to:
- promote best practice in the processing of personal identifiable data;
- ensure that all staff are appropriately trained in the management of personal identifiable data;
- outline the procedure for reporting and investigating suspected breaches of confidentiality and/or loss or theft of personal data;
- provide assurance to patients, staff and general public that personal identifiable data is processed lawfully and held securely.
Please download the full document here: Data Protection / Confidentiality