Objectives
The objectives of this Confidentiality Policy is to lay down the principles that must be observed by all who work within Chase Lodge Hospital (CLH) and have access to person-identifiable information or other confidential information.
All staff need to be aware of their responsibilities for safeguarding confidentiality and preserving information security. All employees working in CLH (whether as an employee, associate or contractor) are bound by a legal duty of confidence to protect personal information they may come into contact with during the course of their work. This is not just a requirement of their contractual responsibilities but also a requirement within the common law duty of confidence and the Data Protection Act 2018.
Although CLH delivers private healthcare, information will, with patient consent, be shared with NHS colleagues. It is a requirement within the NHS Care Record Guarantee, to assure patients regarding the use of their information. It is for this reason that this policy sets out the requirements placed on all staff when sharing information with the NHS and non-NHS organisations.
Definitions
Person-identifiable information is anything that contains the means to identify a person, e.g. name, address, postcode, date of birth, NHS number, National Insurance number etc. Even a visual image (e.g. photograph) is sufficient to identify an individual. Any data or combination of data and other information, which can indirectly identify the person, will also fall into this definition.
Special categories of personal information (previously known as ‘sensitive’ personal data) as defined by the Data Protection Act 2018 refers to personal information about:
Confidential information within healthcare is commonly thought of as health information, including person-identifiable information; however, it can also include information that is private and not public knowledge or information that an individual would not expect to be shared. It can take many forms including patient level health information, employee records, occupational health records, etc. It also includes confidential business information. Information can relate to patients and staff (including temporary staff), however stored. Information may be held on paper, CD/DVD, USB sticks, computer file or printout, laptops, palmtops, mobile phones, digital cameras or even heard by word of mouth.
Roles and Responsibilities
Chief Executive Officer and Company Directors
The CEO and company directors are accountable for ensuring CLH policies comply with all legal, statutory and good practice guidance requirements and appropriate resources are accessible to enable staff to implement them.
The company director is also the Data Protection Officer and represents issues related to information governance at the Board.
Registered Manager / Caldicott Guardian
The RM is accountable for protecting the confidentiality of patient and service user information and enabling appropriate information sharing by providing advice to professionals and staff. They also take accountability for risk based decisions and reviews in regards to the use, disclosure or processing of confidential data in regard to the operating functions of CLH. They will work in collaboration with the DPO to ensure confidentiality issues comply with data protection law.
All Staff including Associates and Consultants with Practising Privileges
Confidentiality is an obligation for all staff.
Staff must complete their mandatory training as required.
Any breach, or potential breach of confidentiality must be reported via the incident reporting process and investigated appropriately.
Inappropriate use of health data, staff records or business sensitive/confidential information, or abuse of computer systems is a disciplinary offence, which could result in dismissal or termination of employment contract.
Consultants and Associate GPs
In addition to the above, Doctors must ensure their ICO certification (Information Commissioner’s Office) remains current and evidence is provided to the Executive PA.
Introduction
Everyone has a duty to maintain patient and business confidentiality at CLH in all interactions and at all times.
Principles of Confidentiality
All staff must ensure that the following principles are adhered to:-
know basis.
Sharing Information
Patient’s constantly share information with staff. Please refer to Appendix A for Confidentiality Do’s and Don’ts. Care must be taken to ensure that this information sharing is done in an appropriate environment for example:
Care must also be taken to ensure both recipient and sender’s details are accurate.
It is important to consider how much confidential information is needed before disclosing it and only the minimal amount necessary is disclosed. Information can be disclosed:
Person-identifiable information, wherever appropriate, in line with the data protection principles must be anonymised by removing as many identifiers as possible whilst not unduly compromising the utility of the data in line with the ICO’s Anonymisation Code of Practice.
Information may be shared:
Care must be taken in transferring information to ensure that the method used is as secure as it can be. Data sharing agreements provide a way to formalise arrangements between organisations.
When transferring patient information or other confidential information by email, services or methods that meet NHS Encryption standards must be used. Emails between NHS Mail accounts meet this requirement (nhs.net to nhs.net). Emails between NHS Mail and other secure government domains also meet this requirement (e.g. nhs.net to gsi.gov.uk).
It is not permitted to include confidential or sensitive information in the body of an email. When e-mailing to addresses other than the secure domains described above the information must be sent as an encrypted attachment with a strong password communicated through a different channel or agreed in advance.
When communicating via the secure domains, to protect against the risk of accidentally sending to an incorrect recipient, the data should be sent in a password protected attachment, again with the password communicated through a different channel or agreed in advance.
Sending information via email to patients is permissible, provided the risks of using unencrypted email have been explained to them, they have given their consent or the information is not person-identifiable or confidential information.
Environment
Access to rooms and offices where terminals are present or person-identifiable or confidential information is stored must be controlled. Doors must be locked with keys, keypads or accessed by swipe card. In mixed office environments measures should be in place to prevent oversight of person-identifiable information by unauthorised parties. All staff should clear their desks at the end of each day. In particular they must keep all records containing person-identifiable or confidential information in recognised filing and storage places that are locked. Unwanted printouts containing person-identifiable or confidential information must be put into a confidential waste bin. Discs, tapes, printouts and fax messages must not be left lying around but be filed and locked away when not in use.
Breaches of Confidentiality
CLH Contract of Employment and Practicing Privileges include a commitment to confidentiality. Appendix B identifies a summary of Legal and NHS Mandated Frameworks.
All breaches or potential breaches of confidentiality must be reported as an incident and the Registered Manager must be made aware without delay.
Breaches of confidentiality could be regarded as gross misconduct and may result in serious disciplinary action up to and including dismissal.
Working Away from CLH Environment
There will be times when staff may need to work from another location or whilst travelling. This means that these staff may need to carry confidential information with them on, for example a laptop, USB stick or paper documents; removing paper documents that contain person-identifiable or confidential information from CLH premises is discouraged.
To ensure safety of confidential information staff must keep them on their person at all times whilst travelling and ensure that they are kept in a secure place if they take them home or to another location. Confidential information must be safeguarded at all times and kept in lockable locations.
Staff must minimise the amount of person-identifiable information that is taken away from CLH premises. If staff need to carry person-identifiable or confidential information they must ensure the following:
If staff need to take person-identifiable or confidential information home they have personal responsibility to ensure the information is kept secure and confidential. This means that other members of their family and/or their friends/colleagues must not be able to see the content or have any access to the information. It is particularly important that confidential information in any form is not left unattended at any time, for example in a car. Staff must NOT forward any person-identifiable or confidential information via email to their home e-mail account. Staff must not use or store person-identifiable or confidential information on a privately-owned computer or device.
Carelessness
All staff have a legal duty of confidence to keep person-identifiable or confidential information private and not to divulge information accidentally. Staff may be held personally liable for a breach of confidence and must not:
Steps must be taken to ensure physical safety and security of person-identifiable or business confidential information held in paper format and on computers. Passwords must be kept secure and must not be disclosed to unauthorised persons. Staff must not use someone else’s password to gain access to information. Action of this kind will be viewed as a serious breach of confidentiality. If you allow another person to use your password to access the network, this could constitute an offence under the Computer Misuse Act 1990.
Abuse of Privilege
It is strictly forbidden for employees to knowingly browse, search for or look at any personal or confidential information about themselves without a legitimate purpose, unless through established self-service mechanisms where such access is permitted. Under no circumstances should employees access records about their own family, friends or other persons without a legitimate purpose. Action of this kind will be viewed as a breach of confidentiality and of the Data Protection Act 2018. When dealing with person-identifiable or confidential information of any nature, staff must be aware of their personal responsibility, contractual obligations and undertake to abide by policies
Evaluation
Good practice requires that all organisations that handle person-identifiable or confidential information put in place processes to highlight actual or potential confidentiality breaches in their systems, and also procedures to evaluate the effectiveness of controls within these systems.
Review
This policy will be reviewed 3 yearly or sooner if there is a change in legislation.
References
NHS England (2018) Confidentiality Policy https://www.england.nhs.uk/wp-content/uploads/2016/12/confidentiality-policy-v4.pdf (Last accessed 01.10.19)
Appendix A: Confidentiality Dos and Don’ts
Do
Don’t
Appendix B: Summary of Legal and NHS Mandated Frameworks
The Data Protection Act (2018) regulates the use of “personal data” and sets out eight principles to ensure that personal data is:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Accurate and where necessary kept up to date.
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7. The Caldicott Report (1997) and subsequent Caldicott or National Data Guardian reviews) recommended that a series of principles be applied when considering whether confidential patient-identifiable information should be shared:
Justify the purpose for using patient-identifiable information.
The duty to share information can be as important as the duty to protect patient confidentiality.
Article 8 of the Human Rights Act (1998) refers to an individual’s “right to respect for their private and family life, for their home and for their correspondence”. This means that public authorities should take care that their actions do not interfere with these aspects of an individual’s life.
Click here for an online link to the Human Rights Act 1998
The Computer Misuse Act (1990) makes it illegal to access data or computer programs without authorisation and establishes three offences:
1. Unauthorised access data or programs held on computer e.g. to view test results on a patient whose care you are not directly involved in or to obtain or view information about friends and relatives.
2. Unauthorised access with the intent to commit or facilitate further offences e.g. to commit fraud or blackmail.
3. Unauthorised acts the intent to impair, or with recklessness so as to impair, the operation of a computer e.g. to modify data or programs held on computer without authorisation.
The NHS Confidentiality Code of Practice (2003) outlines four main requirements that must be met in order to provide patients with a confidential service:
Common Law Duty of Confidentiality
Information given in confidence must not be disclosed without consent unless there is a justifiable reason e.g. a requirement of law or there is an overriding public interest to do so.
Administrative Law
Administrative law governs the actions of public authorities. According to well established rules a public authority must possess the power to carry out what it intends to do. If not, its action is “ultra vires”, i.e. beyond its lawful powers.
The NHS Care Record Guarantee
The Care Record Guarantee sets out twelve high-level commitments for protecting and safeguarding patient information, particularly in regard to: patients’ rights to access their information, how information will be shared both within and outside of the NHS and how decisions on sharing information will be made. The most relevant are:
• You ask us to do so.
• We ask and you give us specific permission.
• We have to do this by law.
• We have special permission for health or research purposes; or
• We have special permission because the public good is thought to be of greater importance than your confidentiality, and
• If we share information without your permission, we will make sure that we keep to the Data Protection Act, the NHS Confidentiality Code of Practice and other national guidelines on best practice.