Keeping your personal information secure. As per NHS' new data security requirements, healthcare organisations must remove, replace, or mitigate risks from unsupported systems by April next year. Document outlining action expected from health and care organisations in 2017 to 2018, … Understand fully the purposes for which the practice uses personal information. The Trust has a responsibility to ensure data breaches and / or information governance … This will include training on confidentiality issues, DPA principles, working security procedures, and the application of best practice in the workplace. Data Protection Policy.doc 1.3 Penalties could be imposed upon the NHSBSA, and / or NHSBSA employees for non-compliance with relevant legislation and NHS guidance. on a computer or on paper) this personal information must be dealt with properly to ensure compliance with the Data Protection Act 2018. Ensure confidentiality clauses are included in all contracts of employment. PURPOSE This document sets out the directions across the Trust for the reporting and management of Data Security & Protection breaches / incidents. Data Protection Compliance Policy *Previously known as IG02 Confidentiality & Data Protection Policy, IG15 Data Encryption Policy, IG01 IG Policy, IG16 Risk Policy, IG13 Information Security Policy, Data Protection Impact Assessment Procedure Solent NHS Trust policies can only be considered to be valid and up-to-date if viewed on the intranet. As an arm’s length body (ALB) to the Department of Health and Social Care and wider HM Government, we are bound to follow the HMG Security Policy Framework to make sure our customers' data is handled and stored securely.
Take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. Undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event. GDPR will apply to all personal security data held by practice and explicit consent will be obtained where appropriate. Not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian / IG Lead. As part of delivering care to our patients and their families and carers we collect, store and use large amounts of personal data every day, such as medical records, personal records and computerised information. The new Data Security and Protection Requirements come with a number of recommendations that healthcare organisations, both public and private, need to implement by April 2018. ATP monitors the Microsoft Windows operating system on a PC, laptop or server to identify any indicators of cyber security compromise or attack; it can then take immediate action to address the problem before it spreads. It also alerts local system managers … Policy and high level procedures for NHS England’s compliance with the Data Protection Act. You have a right to see your records if you wish. It is also linked to the Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole.
Where possible, controllers are required to fulfil these purposes with data which does not permit, or no longer permits, the identification of data subjects; if anonymisation is not possible, pseudonymisation should be used, unless this would also prejudice the purpose of the research or statistical process. Personal data shall be processed fairly and lawfully. Protection Regulation and Data Protection Act 2018. Processing shall be lawful, fair and transparent 2. Data Security and Protection Toolkit. Make available a leaflet and/or a poster in reception on Access to Medical Records for the information of patients. practice manager will take on these responsibilities if the first named individual is absent with illness or on annual leave. Rotherham Doncaster and South Humber NHS Foundation Trust Policy for Data Security and Protection Breaches/Information Governance Incident Reporting Policy Rotherham Doncaster and South Humber NHS Foundation Trust is committed to a programme of effective risk and incident management. On receipt of a request from an individual for information held about them by or on behalf of immediately notify the practice manager. Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information. The IMG is accountable to the Resources Committee. We also adhere to the NHS Digital Data Security and Protection Toolkit. All organisations that have access to NHS patient data and systems must use the data security and protection toolkit (DSPT) to measure and report on their performance. Data Protection and Information Governance. The Data Security and Protection (DSP) Toolkit is a requirement for all care services operating under an NHS Contract from April 2018.
This policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. Evidencing compliance with the DSP Toolkit will provide evidence to the Information Commissioner's Office that you are also compliant with the clinical elements of GDPR. DSP Toolkit Guidance From Digital Social Care Data Security and Protection Toolkit Data Security and Protection Policy. In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc. The GDPR applies to both automated personal data … What health and care organisations must do to look after information properly, covering confidentiality, information security management … 4.2 Data Security and Protection Toolkit 4.2.1 On an annual basis, the CCG will measure its performance against the National Data Guardian’s 10 data security standards using the NHS Digital Data Security and Protection Toolkit, which is an online self-assessment tool. No matter how it is collected, recorded and used (e.g. We ensure that the practice treats personal information lawfully and correctly. This policy sets out best practice guidance for all staff in managing information securely, legally and ethically. He also recommends a consideration of data protection at board level, in policy changes and in new projects.
with data protection legislation and playing a key role in fostering a data protection culture and helps implement essential elements of data protection legislation Data Security and Protection Toolkit DSP Toolkit From April 2018, the DSP Toolkit will replace the Information Governance (IG) Toolkit as the standard for cyber and data security for The Data Protection Act 1998 (DPA) requires a clear direction on Policy for security of information within the Practice. The practice needs to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include patients, employees (present, past and prospective), suppliers and other business contacts. It is not just about your technology. Personal data held must be adequate, relevant and not excessive. Article 5 of the GDPR requires that personal data shall be: processed lawfully, fairly and in a transparent manner in relation to individuals; Data Protection and Confidentiality Policy - Data Protection Principles The Data Protection Act (2018) defines six Data Protection Principles; which all processors of personal information must abide by. Ensure that all aspects of confidentiality and information security are promoted to all staff. Data protection principles The Practice is committed to processing data in accordance with its responsibilities under the Data Protection Act and General Data Protection Regulations (GDPR).