SOP 5 PRIVACY and DATA PROTECTION

Similar documents
DATA PROTECTION POLICY

Sample. Information Governance. Copyright Notice. This booklet remains the intellectual property of Redcrier Publications L td

CLINICAL SERVICES POLICY & PROCEDURE (CSPP No. 25) Clinical Photography Policy in the Pre-Hospital Setting. January 2017

Standard Operating Procedures (SOP) Research and Development Office

INFORMATION TECHNOLOGY, MOBILES DIGITAL MEDIA POLICY AND PROCEDURES

Diploma Unit 9 Unit code: HSC 028 Technical Certificate Unit 9 Unit code: Y/602/3118. Unit Information

RESEARCH GOVERNANCE POLICY

Contract of Employment

THE CODE. Professional standards of conduct, ethics and performance for pharmacists in Northern Ireland. Effective from 1 March 2016

Clinical Lead. Contract of Employment

Deputise and take charge of the given area regularly in the absence of the clinical team leader who has 24 hour accountability and responsibility.

Privacy Policy - Australian Privacy Principles (APPs)

JOB DESCRIPTION. Service Manager AMH Inpatient Services. Enhanced CRB with Both Barred List Check

Storage and Archiving of Research Documents SOP 6

Information Governance Management Framework

How we use your information. Information for patients and service users

Personal Identifiable Information Policy

Corporate. Research Governance Policy. Document Control Summary

STANDARD OF BEHAVIOUR FOR CERTIFIED INSTRUCTIONAL, FACILITATOR OR LEADER STATUS PERSONNEL

Safeguarding Adults Policy. General Policy GP12

The Code Standards of conduct, performance and ethics for nurses and midwives

Code of professional conduct

PERSONAL HEALTH INFORMATION PROTECTION ACT (PHIPA) Frequently Asked Questions (FAQ s) Office of Access and Privacy

Standards for pharmacy professionals. May 2017

Safeguarding Vulnerable Adults Policy

The code: Standards of conduct, performance and ethics for nurses and midwives

QUICK REFERENCE TO CALDICOTT & THE DATA PROTECTION ACT 1998 PRINCIPLES

The Code Standards of conduct, performance and ethics for chiropractors. Effective from 30 June 2016

The code. Standards of conduct, performance and ethics for nurses and midwives

Institutional Review Board (previously referred to as Human Participants Research Board) Updated January 2004

Document Title: Document Number:

JOB DESCRIPTION. As specified in the job advertisement and the Contract of. Lead Practice Teacher & Clinical Team Leader

Code of Ethics. 1 P a g e

Standards conduct, accountability

Personal Electronic Devices Acceptable Use Policy

Signatures. Signature Name Date Vice-Chancellor, University of Birmingham

Memorandum of Understanding. between. The General Teaching Council for Scotland. and. The Scottish Social Services Council

IVAN FRANKO HOME Пансіон Ім. Івана Франка

Promote good practice in handling information in health and social care settings

Working with Information Governance INFORMATION GOVERNANCE REFRESHER TRAINING WORK BOOK

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

Hertfordshire Hospitals R&D Consortium Incorporating West Herts Hospitals NHS Trust and East & North Herts NHS Trust

Principles of Data Sharing for GPs and LMCs

JOB DESCRIPTION. Specialist Looked After Children s Nurse

General Procedure - Institutional Review Board

EMPLOYEE HANDBOOK EMPLOYEE HANDBOOK. Code of Conduct

Document Title: Informed Consent for Research Studies

Information Governance: The Refresher Module (Revision and Update)

The NHS Constitution

Research Staff Training

NHS Constitution The NHS belongs to the people. This Constitution principles values rights pledges responsibilities

NHS England Complaints Policy

DATA PROTECTION POLICY

Getting Ready for Ontario s Privacy Legislation GUIDE. Privacy Requirements and Policies for Health Practitioners

Summary guide: Safeguarding Adults: Pan Lancashire and Cumbria Multi Agency Policy and Procedures. For partner agencies staff and volunteers

SAFE HANDLING OF PRESCRIPTION FORMS FOR DOCTORS AND DENTISTS

The Code of Conduct Professional standards for nurses and midwives

Leadership and management for all doctors

Provision of Wigs Policy

JOB DESCRIPTION Patient Safety, Quality and Clinical Governance Advisor

NHS Dorset Clinical Commissioning Group Deprivation of Liberty Safeguards Guidance for Managing Authorities

Localising Patient Information. Documents

Visual Communication Alert Symbols Guidelines for Staff. Version 4.0. All Hospital Staff. Care Quality Commission s fundamental standards

I SBN Crown copyright Astron B31267

Services. This policy should be read in conjunction with the following statement:

COMIC RELIEF AWARDS THE GRANT TO YOU, SUBJECT TO YOUR COMPLYING WITH THE FOLLOWING CONDITIONS:

Standards of Practice for Optometrists and Dispensing Opticians

The Newcastle upon Tyne Hospitals NHS Foundation Trust

Mental Health Promotion Fund Wave Guidance notes

Fair Processing Strategy

Document Number: 006. Version: 1. Date ratified: Name of originator/author: Heidi Saunders, Senior Portfolio Coordinator

STEP BY STEP SCHOOL. Data Protection Policy and Privacy Notice

Code of Professional Conduct and Ethics. Bord Clárchúcháin na dteiripeoirí Urlabhartha agus Teanga. Speech and Language Therapists Registration Board

Document Title: Training Records. Document Number: SOP 004

CL006 Safeguarding Children Policy & Procedure

JOB DESCRIPTION Safeguarding Lead

Standard Operating Procedure Research Governance

Safeguarding & Wellbeing Policy

Research Code of Practice

DISCLOSURE & BARRING SERVICE POLICY AND PROCEDURES

Introduction...2. Purpose...2. Development of the Code of Ethics...2. Core Values...2. Professional Conduct and the Code of Ethics...

JOB DESCRIPTION. Specialist Nurse - Asthma (Paediatrics) Children s Specialist Community Nursing Service (CSCNS)

Access to Health Records Procedure

Document Title: Study Data SOP (CRFs and Source Data)

DOCUMENT CONTROL Title: Use of Mobile Phones and Tablets (by services users & visitors in clinical areas) Policy. Version: Reference Number: CL062

Dignity and Respect Charter for patients. Version 6.0

Code of Conduct. at Stamford Hospital

Choice on Discharge Policy

JOB DESCRIPTION Patient Safety, Quality and Clinical Governance Manager

Policy for Overseas Visitors

MEMORANDUM OF UNDERSTANDING THE CHARITY COMMISSION FOR NORTHERN IRELAND AND THE FUNDRAISING REGULATOR

Consultation on initial education and training standards for pharmacy technicians. December 2016

Low Medium High Critical Business Impact: X Changes are important, but urgent implementation is not required, incorporate into your existing workflow.

Number: Version Number: 4. On: February 2015 Review Date: February 2018 Distribution: Essential Reading for:

JOB DESCRIPTION Paediatric Rapid Assessment Staff Nurse - Urgent Care Centre

Consultation on developing our approach to regulating registered pharmacies

GCP Training for Research Staff. Document Number: 005

JOB DESCRIPTION. The post holder will focus on urgent care but may take responsibility for specialist projects and other services when required.

SAFEGUARDING ADULTS Policy & Procedure

Contribute to society, and. Act as stewards of their professions. As a pharmacist or as a pharmacy technician, I must:

Transcription:

SOP 5 PRIVACY and DATA PROTECTION SOP Title Privacy and Data Protection SOP No. SOP 5 Author Julia Farmery Consulted Departments Lincolnshire Clinical Research Facility, Research and Development, Trust consultants and Research staff. Lead Manager Dr. Tanweer Ahmed Director of LCRF and Sign and Print Name Research and Development Manager Date published 10 th March 2010 Review date of SOP 10 th March 2012 Version 1

EMPLOYEE RECORD OF HAVING READ AND UNDERSTOOD THE SOP POLICY FOR UNITED LINCOLNSHIRE HOSPITALS TRUST PRINT FULL NAME SIGNATURE DATE

Purpose: To ensure all patient s personal information and there data is stored and collected, maintained and treated with the up most confidence and respect. Adhering to patients rights of privacy within the Data Protection Act (1998), the Caldicott guardians and its principles, the Freedom of Information Act 2000 and the Health and Social Care Act 2008. Also adhering to the standards set within the UK Clinical Trial Directives 2004 and its statutory bodies and the regulatory bodies which we as professionals and NHS employees adhere to, within our contract of employment and professional duties. Applies to: All SOPs Relevant SOP Documentation Sop 6 Storage and Archiving Definitions: ULHT United Lincolnshire Hospitals Trust SOP Standard Operating Practices Policy: Human Rights Act 1998 (1998) The Stationary Office : London http://www.hmso.gov.uk/acts/acts1998/19980042.htm Department of Health (1999) Caldicott guardians Department of Health : London (Health service circular : HSC 1999/012

Freedom of Information Act 2000 Freedom of Information. Accessed on 23/11/2009 at www.dh.gov.uk/en/freedomofinformation/dh_4102350 Health and Social Care Act (2008) Department of Health. Accessed on 16/11/2009. Available at http://www.dh.gov.uk/en/publicationsandstatistics/legislation/actsandbills/he althand... NHS Modernisation Agency Essence of Care (2003) Patient focused benchmarks for clinical governance. Accessed on 16/11/2009 at http://intranet/home/homepage.htm Information Governance, Caldicott Data and Information Security ULHT Intranet Site. Accessed 16/11/2009 on intranet.. (http://intranet/applications/documents/) then go Search...Information Governance The UK Clinical Trial Regulations No. 1031, No. 2754, No. 2759, No. 1928, No. 2984, No. 941, No. 1164. Policy for Developing and Implementing Clinical Guidelines United Lincolnshire Hospitals Trust- Intranet website and Trial Master File Code of Good Research Conduct/Misconduct Policy United Lincolnshire Hospitals Trust- Intranet website and Trial Master File Confidentiality Code of Practice for the United Lincolnshire Hospitals Trust United Lincolnshire Hospitals Trust Intranet (http://intranet/applications/documents/) then go to Search..Confidentiality also available in Trial Master File Policy on Fraud, Corruption, Theft and other illegal acts United Lincolnshire Hospitals Trust Intranet (http://intranet/applications/documents/) then go Search..Fraud and misconduct. Guidance on Computer Misuse Act (1990) Information System Services Overview. Lancaster University. Accessed on 18/11/2009 at http://www.lancs.ac.uk/iss/rules/cmissue.htm.

UK CS : UK copy law : A summary. Copyright, Designs and Patents Act (1988). Accessed on 18/11/2009 at http://www.copyrightservice.co.uk/copyright/uk_law_summary Safeguarding Vulnerable Groups Act (2006) Safeguarding Vulnerable Groups Act 2006. Independent Safeguarding Authority Scheme consultation. Department of Health : Home Office. Procedure: 1. Privacy Privacy is covered in the UK Clinical Trial Regulations (2004) as having the right to.. and protection of... For the purpose of this SOP and all procedures involving subjects and/or any data which maybe classified as the following; this SOP applies as guidance for best practice. The Department of Health set out guidance though the NHS Modernisation Agency regarding patient focused bench marks for Privacy and Dignity. It is stated within this document that privacy should be interpreted as meaning being free from intrusion. They conclude that patients benefit from care that is focused upon respect for the individual. They focus on 7 factors as an agreed patient outcome for a gold standard in practice and what we should be adhering to ensure privacy is maintained and upheld with our patients. 1. Attitudes and behaviours Patients feel that they matter all of the time. 2. Personal world and personal Patients experience care in Identity an environment that actively encompasses individual values, beliefs and personal relationships. 3. Personal boundaries and space Patients personal space is actively promoted by all staff 4. Communicating with staff and Communication between Patient s staff and patients takes

place in a manner which respects their individuality 5. Privacy of patient Confidentiality Patient information is shared Of patient information to enable care, with their Consent 6. Privacy, dignity and modesty Patients care actively promotes their privacy and dignity, and protects their modesty. 7. Availability of an area for Patients and or carers can complete privacy access an area that safely provides privacy Privacy = Freedom from intrusion Dignity = Being worthy of respect Essence of Care. Patient focused benchmarks for Clinical Governance. (2003). NHS Modernisation Agency : Department of Health, London. 2. Data Protection Alongside the data protection act is the Caldicott Principles. Each Trust has a Caldicott guardian. The Caldicott guardian works hand in hand with the principles of the Data Protection Act 1998, which came into force on the 1 ST March 2000. The Caldicott guardian ensures six principles are upheld and maintained, covering information held in whatever format. These principles must be adhered to when collecting, transferring or working with any patient information. The six principles are : Justify the purpose of using confidential information Only use when absolutely necessary Not excessive, use minimum required. Access to patient identifiable information should be on a strict need-toknow basis Everyone with access to patient identifiable information should be aware of their responsibilities Understand and comply with the law. Sylvia Knight, Chief Nurse is the Caldicott Guardian for United Lincolnshire Hospitals NHS Trust.

Data Protection Act (1998) states that we must keep all personal/sensitive information/data confidential. If further goes on to state that we must never divulge more information than is required. Furthermore, patient information must only be given to authorised personnel, securely and in an appropriate manner. United Lincolnshire Hospitals NHS Trust has several Information Governance Officers and IT Security and Access Managers/employees to ensure data within the trust is maintained and upheld to these standards. Assistant Director of IT Nigel Gay Ext - 3959 Caldicott Guardian Sylvia Knight Trust HQ x 2831 Security and Access Services Manager Andrew Stocks Lincoln x 3312 Information Governance Officer Vacancy Lincoln x Data Quality Manager Sarah Harley Ext Pilgrim x 01205 445501 IT security and Access Officer Cassie Scullion Lincoln x3431 The main Data Protection points are : 1. Fairly and Lawfully processed 2. Processed for specified purpose 3. Adequate, relevant and not excessive 4. Accurate 5. Not kept longer than necessary 6. Processed in accordance with the data subjects rights 7. Secure 8. Not transferred to countries without adequate protection The rights that patients have under the Data Protection Act (1998) They have a right to know why you want to use their information and that you will use, store and dispose of it responsibly They have a right to see any data held and amend/delete/apply for compensation if any details are not correct, this is called subject access. The (MHRA) Medicine and Healthcare Products Regulation Agency state that the Data Protection Act 1998, Human Rights Act 1998 and the Freedom of Information Act are linked. Moreover they are interned to help maintain an

equal and just balance between the rights and interests of individuals. They further go on to comment that this is particularly apparent between the freedom of processing information, balanced between that of the rights and privacy, that must be maintained. As well as the above acts, the other relevant legislation that runs alongside these policies are : The Health and Social Care Act 2008. The Health and Social Care Act 2008 is split into 4 sections, two which are relevant for this document : Care Quality Commission Professional regulation These are overviewed and regulated within this piece of legislation, to ensure professional regulation and public health protection. 3. The Freedom of Information Act. The Freedom of Information Act (2000) was a response to a white paper Your Right to Know (1997). The Freedom of Information Act applies to a holistic and open approach when managing records. The act has two parts : - Under part 1 of the act, anyone may make a request for information to any authority within the public domain. They have to provide this request in writing, stating their name, address and describe the information that they require. If personal information is required, identity of the enquirer needs to be established in order to consider releasing information of a personal manner. The public authority then has a duty to confirm or deny. They must confirm or deny whether or not they hold this information, and if it does supply it, within 20 working days from the receipt of request. If the authorities are unable to find the information requested, then assistance can be obtained to locate the information requested. However, if the information can subsequently not be found, then the authorities have a duty to inform the enquirer and assistant them in making further applications. If the information is not stipulated what format they require, or what type of information they wish to see, the authority may supply the information to the requester in whatever reasonable means is acceptable. However, if a request is made which is not practical or possible, the authority has to explain why this information can-not be disseminated in this way. Part 2 of the act has 23 exemptions stating the rights to access information. Relating to laws such as data protection, law enforcement and national security. duty to confirm or deny. This statement briefly means whether or not it is in the public s interest in withholding information if the information outweighs the public interest in disclosing it. Certain exemptions have to be considered. There are Absolute exemptions and Qualified Exemptions. In

cases where a requested document contains some exempt information, only those specified exempt pieces of information can be withheld. All authorities need to inform the applicant, if a refusal of a request has been processed within 20 days from receipt of initial request. This decision must specify the exemption and state why it applies. If a decision regarding the release of information has not been clarified, the applicant must be informed of this process and given a completion date. An authority has the right to charge a fee, as per the sliding scale set. Applicant must be informed of this in writing prior to the decision. There is no obligation to supply the information until the fee is paid. If 3months lapses, and no fee the case has ended. Record Management In the act, it integrates existing rights to access public records. Covered under the Public Records Act of 1958 and 1967 with the new wider rights of access to information. Under the Freedom of Information Act (2000); all records become generally available unless specific exemptions can be applied. However, after 30 years, records become historical records and many of the freedom of Information Acts exemptions cease to apply; as to does the duty to confirm or deny rule. Please see Archiving Requirements SOP for more Information on this topic. 4. Responsibilities It is the responsibility of all individuals dealing with patients to ensure their privacy and data is maintained. Ensure it is safe, not used in any other context than its purpose and only held and transferred in methods approved by the trust. All information is to be stored on approved computers on the H drive or shared folders within the secure system set up within ULHT. Any personal information regarding patients and/or their details is to be sent by special delivery and tracked. Details not pertaining to individuals can be sent under recorded delivery.

If any breach of information of privacy is noted, please report to your line managers who will then decide whether to direct it higher. This will be based on the use of relevant SOPs and trust policies in place; dependant on the relevance and nature of the incident depends on the action. It is a responsibility of all to never share passwords and inform IT or the relevant department if you are unable to access a site or require updates. We must all be aware of the data protect policies and how it relates to us, our patients and the information we gather. Similarly, the trust s chief nurse; Sylvia Knight, is the Caldicott Guardian for the trust and the principles she upholds and protects are above. We must all familiarise ourselves with these for means of patient safety and to abide with the Health and Social Care Act 2008. All information can be sourced from either the trust intranet, local department policies, such as SOPs and the relevant personal that is in place within the trust. References: UKC CS UK Copyright law : A summary. The UK Copyright Service. Copyright, Designs and Patents Act 1988. Accessed on 18/11/2009 at http://www.copyrightservice.co.uk/copyright/uk_law_summary. Health and Social Care Act (2008) Health and Social Care Act. Department of Health. Accessed on 16/11/2009 at http://www.dh.gov.uk/en/publicationsandstatistics/legislation/actsandbills/hea lthand... NHS Modernisation Agency Essence of Care (2003) Patient focused benchmarks for clinical governance. Accessed on 16/11/2009 at

http://intranet/home/homepage.htm Information Governance, Caldicott Data and Information Security ULHT Intranet Site. Accessed 16/11/2009 on intranet.. (http://intranet/applications/documents/) then go Search...Information Governance Birmingham Women s NHS Foundation Trust. Caldicott. Accessed on 18/11/2009 at http://www.bwhct.nhs.uk/info-gov-home/info-gov-caldicott.htm Medicines and Healthcare Products Regulatory Agency (2006) Data Protection. Accessed on 16/11/2009 at http://www.mhra.gov.uk/aboutus/freedomofinformationanddataprotection/dat aprote... Freedom of Information Act (2000) Freedom of Information. Accessed on 23/11/2009 at http://www.dh.gov.uk/en/freedomofinformation/dh_4102350 This SOP will be reviewed every two years, a more updated revision of the SOP will be implemented if new local, national or international regulations change. This would therefore replace the existing document. All SOP s can be located on the Research and Development s shared file and a hard copy of all SOP s are kept in the Trial Master File

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback