QUICK REFERENCE TO CALDICOTT & THE DATA PROTECTION ACT 1998 PRINCIPLES

What is Caldicott?
The term Caldicott refers to a review commissioned by the Chief Medical Officer. A review committee, under the chairmanship of Dame Fiona Caldicott, investigated the ways in which patient information is used in the NHS. The review committee also made a number of recommendations aimed at improving the way the NHS handles and protects patient information. These are summarised by six information management principles.

The Six Caldicott Principles
1. Justify the purpose(s) of using confidential information
2. Only use it when absolutely necessary
3. Use the minimum that is required
4. Access should be on a strict need-to-know basis
5. Everyone must understand his or her responsibilities
6. Understand and comply with the law

What is the Data Protection Act 1998?
The Data Protection Act 1998 became law in March 2000. It sets standards which must be satisfied when obtaining, recording, holding, using or disposing of personal data. These are summarised by eight Data Protection Principles.
As well as information held on computers, the Data Protection Act 1998 also covers most manual records, e.g.:
- Health
- Finance
- Personnel
- Suppliers
- Occupational Health
- Contractors
- Volunteers
- Card indices

Data Protection Principles
Personal data must be:
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and kept up-to-date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection

Principle 1: Processed fairly and lawfully
There should be no surprises, so inform data subjects why you are collecting their information, what you are going to do with it and who you may share it with. For example:
- When formulating a research project, remember to be open and transparent about what you will be doing with the information.
- When working in a team, ensure that the patient/client is aware of who the members of the team are, and that all those involved with their care may need to see their notes.
Be open, honest and clear.

Principle 2: Processed only for specified purposes
Only use personal information for the purpose(s) for which it was obtained. For example, personal information on a Patient Administration System must only be used for healthcare purposes, not for looking up friends' addresses or birthdays.
Only share information outside your practice, team, home, ward, department or service if you are certain it is appropriate and necessary to do so. If in doubt, check first!

Principle 3: Adequate, relevant and not excessive
Only collect and keep the information you require. It is not acceptable to hold information unless you have a view as to how it will be used. Do not collect information just in case it might be useful one day! For example, do not take both daytime and evening telephone numbers if you know you will only call in the day.
- Explain all abbreviations
- Use clear, legible writing
- Stick to the facts: avoid personal opinions and comments

Principle 4: Accurate and kept up-to-date
Take care when inputting information to ensure accuracy. How do you know the information is up-to-date? What mechanisms do you have for checking that information is accurate and up-to-date? For example, each time a patient attends a clinic, they should be asked to confirm that their details (address, telephone number etc.) are correct.
- Check existing records thoroughly before creating new records
- Avoid creating duplicate records

Principle 5: Not kept for longer than necessary
- Follow the retention guidelines in the Records Management: NHS Code of Practice
- Ensure regular housekeeping/spring cleaning of your information
- Check your organisation's retention policy
- Do not keep information just in case it might be useful one day!
- Check your organisation's disposal policy and dispose of your information correctly

Principle 6: Processed in accordance with the rights of data subjects
Data subjects have the right to:
- Subject access
- Prevention of processing
- Prevention of processing for direct marketing (an end to junk mail and faxes!)
- Protection from automated decision taking
- Compensation
- Rectification/blocking/erasure
- Request an assessment

Principle 7 (Practical): Protected by appropriate security
- Ensure the security of confidential faxes by using safe haven/secure faxes
- ALWAYS keep confidential papers locked away
- Do you have a clear desk policy?
- Ensure confidential conversations cannot be overheard
- Keep your password secret
- Ensure information is transported securely

Principle 7 (Organisational): Protected by appropriate security
Your organisation should have:
- Good information management practices
- Guidelines on IT security
- Staff training
- A confidentiality clause in employment contracts
- A procedure for access to personal data
- A disposal policy/procedure for confidential information
- Confidentiality contracts with third parties, e.g. archiving companies, cleaners, temporary staff, outside contractors

Principle 8: Not transferred outside the European Economic Area (EEA) without adequate protection
- If sending personal information outside the EEA, ensure consent is obtained and that it is adequately protected
- Be careful about putting personal information on websites: gain consent first
- Check where your information is going, e.g. where are your suppliers based?
The EEA comprises the EU Member States plus Iceland, Liechtenstein and Norway.

To sum up, remember that information must be:
- Held securely and confidentially
- Obtained fairly and efficiently
- Recorded accurately and reliably
- Used effectively and ethically
- Shared appropriately and lawfully

For further information contact:
- Your Data Protection Officer
- Your Caldicott Guardian
- The Information Commissioner's website: www.ico.gov.uk
- The Caldicott website: www.connectingforhealth.nhs.uk/systemsandservices/infogov/caldicott
Reproduced with the kind permission of Surrey Health Community