The new Data Security and Protection Requirements come with a number of recommendations that healthcare organisations, both public and private, need to implement by April 2018. Governance & Data Protection (IG & DP) Department co-ordinate and maintain Data Security Breaches / Incident Reporting via the Ulysses system.

Data Protection and Confidentiality Policy - Data Protection Principles: The Data Protection Act (2018) defines six Data Protection Principles, which all processors of personal information must abide by. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. Everyone working for the NHS is required to comply with the General Data Protection Regulations, the Data Protection Act 2018, the Human Rights Act 1998 and the Common Law Duty of Confidence.

1.3 Penalties could be imposed upon the NHSBSA, and / or NHSBSA employees, for non-compliance with relevant legislation and NHS guidance.

6.2 Applicable data. 6.2.1 For the purpose of this policy, personal data refers to information that relates to an identifiable, living individual, including information such as an online identifier, or an IP address.

PURPOSE: This document sets out the directions across the Trust for the reporting and management of Data Security & Protection breaches / incidents. Document outlining action expected from health and care organisations in 2017 to 2018, … Not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian / IG Lead. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc. It is also linked to the Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole.
Policy Title: Data Security, Protection & Confidentiality Policy
Policy Area: Information Governance
This policy Supersedes: N/A - replaces the Data Protection & Confidentiality Policy
Description of Amendment(s): N/A
This document should be read in conjunction with: All other IG / Data Security related policies
This document has been

As a public authority NHS England and NHS Improvement is required to appoint a Data Protection Officer by the GDPR.

Rotherham Doncaster and South Humber NHS Foundation Trust Policy for Data Security and Protection Breaches/Information Governance Incident Reporting Policy: Rotherham Doncaster and South Humber NHS Foundation Trust is committed to a programme of effective risk and incident management.

Data Protection Compliance Policy *Previously known as IG02 Confidentiality & Data Protection Policy, IG15 Data Encryption Policy, IG01 IG Policy, IG16 Risk Policy, IG13 Information Security Policy, Data Protection Impact Assessment Procedure. Solent NHS Trust policies can only be considered to be valid and up-to-date if viewed on the intranet.

NHS 24 as Data Controller complies with the Data Protection Act 1998, Human Rights Act 1998, and other relevant legislation at all times.

4.2 Data Security and Protection Toolkit. 4.2.1 On an annual basis, the CCG will measure its performance against the National Data Guardian’s 10 data security standards using the NHS Digital Data Security and Protection Toolkit, which is an online self-assessment tool.

Undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event. Make available a leaflet and / or a poster in reception on Access to Medical Records for the information of patients. Comply at all times with the above Data Protection Act principles. The 6 principles are: 1. Processing shall be lawful, fair and transparent 2.
Data Protection Policy. You can do this by completing our Change of Personal Details form. Personal data shall not be kept for longer than necessary. To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information provided to us in confidence will only be used for the purposes changes. Ensure confidentiality clauses are included in all contracts of employment. All organisations that have access to NHS patient data and systems must use the data security and protection toolkit (DSPT) to measure and report on their performance.

Data Security and Protection Policy: The Data Protection Act 1998 (DPA) requires a clear direction on policy for security of information within the practice. Personal data shall be processed in a manner that ensures appropriate security of the personal data. Take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. Ensure that any personal staff data requested by the CCG or NHS, i.e. 4.1.4. Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information. Ensure that there is always one person with overall responsibility for data protection. The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. Personal data shall be processed fairly and lawfully.
ATP monitors the Microsoft Windows operating system on a PC, laptop or server to identify any indicators of cyber security compromise or attack; it can then take immediate action to address the problem before it spreads. Staff members clearly understand through this policy our commitment towards effective data protection, confidentiality and privacy compliance. You have a right to see your records if you wish. Doctors and staff in the practice have access to your medical records to enable them to do their jobs. The protection and security of the data that we hold and use, including personal information, is paramount to us and we have developed data specific controls and protocols for any breaches involving personal information and data subject to the GDPR requirements.