Confidentiality Policy

1. Policy overview

The reasons for the Policy:

• all information held at the Practice about patients is confidential, whether held electronically or in hard copy.
• other information about the Practice (for example its financial matters) is confidential
• staff will by necessity have access to such confidential information from time to time.

The practice regards the confidentiality of patient and staff information as prime importance.   As part of staff induction, all staff are trained to ensure that Patient information remains within the confines of the Practice premises.  It is important that staff should sign a confidentiality undertaking to ensure the security of patient, practice and personnel information, verbal, written or electronic is protected.

2. Applicability

The policy applies to all employees and Partners, and also applies to other people who work at the Practice e.g. locum GP's, non-employed nursing staff, temporary staff and contractors.

The work of the practice includes access to personal, written and computerised patient information, and at all times this should be treated as confidential and protected from unauthorised disclosure.  It is an express condition of employment that no employee may divulge to a person outside of the Practice such information or/and the outward transmission of any such information or data.

3. Procedure

The terms of the Policy:

• all back-up information, graphics, data, statistics, reports, etc, prepared for or obtained as a result of such work and activity is totally confidential to the Practice and must only be used for it's purpose
• no such information (including Medical Records) may be removed from the Practice premises (other than in the ordinary course of business) without the prior written ( and express) authority of the Practice Manager
• staff must not under any circumstances disclose patient information to anyone outside the Practice, except to other health professionals on a need to know basis, or where the patient has provided written consent
• staff must not under any circumstances disclose other confidential information about the Practice to anyone outside the Practice unless with the express consent of the Practice Manager/Senior Partner
• staff should limit any disclosure about confidential information only to those who need to know within the Practice
• computer and other systems
  • staff must take particular care that confidential information is not transmitted in error by email or over the internet
  • electronic transfer of any confidential information, once approved by the Practice Manager/Senior Partner, must be transmitted via the NHS net
  • employees may only operate within the areas of their specific duties and the security access of that individual must only be used.  Security access used by another employee's access code is strictly forbidden
  • access to a computer system is reserved authorised personnel only
  • in no instance should any computer owned or leased by the Practice be used for any purpose other that the legitimate work of the Practice
• staff must be aware of and conform to the requirements of the Caldicott recommendations
• staff who suspect a breach of confidentiality must inform the Practice Manager/Senior Partner immediately
• any breach of confidentiality will be considered as a serious disciplinary offence and may lead to instant termination of employment.  Accidential breach will also be regarded as a breach of Practice rules and may be subject to disciplinary action
• staff remain bound by the requirement to keep information and confidential even if they are no longer employed at the Practice

Records Management

Records Management will be the responsibility of the Lead GP, delegated to the Practice Manager.Records containing personal or patient identifiable information will be managed in accordance with the principles of the Data Protection Act.  The Practice has a file structure of filing both patient and non patient information.   Paper patient records are filed alphabetically and stored in an appropriate way.  Paper Non patient and business information is stored in either the Practice Manager’s office or in the Practice archive. 

The documents held in the Practice Manager’s office are current documents needed regularly by the Practice Manager or reference information.  The Practice Manager will keep an up to date contents list showing what is in the filing cabinets and where they are stored.  All documents placed in the archive are no longer current, but need to be retained for a period of time.  These documents must be placed in files, in clearly labelled boxes and with destruction dates written on the file and the box where appropriate.  These dates will be in line with the Practice document retention schedule.

Patient electronic records are stored in the Practice clinical system and must be kept tidy.  This involves effective read coding for ease of searching and ensuring that sections such as the problem lists are kept to a minimum.  This is done by checking the list or consultation notes before entering a first instance of a problem.

Non patient electronic records are stored either on the Practice shared drive, or for sensitive business / personnel records on the hard drive of the Practice Managers computer.  The latter is regularly backed up onto a flash drive.

Retention and Destruction of Records

The Practice has a document retention schedule that has been drawn up in line with current NHS Guidelines (Department of Health (Whitehall) guidance, WHC (2000) 71 and HSC/217 1999 and WHC (99) 7.

Both paper and electronic records should be regularly reviewed and obsolete or out of date records should be destroyed in a secure fashion (confidential shredding or permanent deletion from the computer files)

Outcome

• Understanding of the process for information storage and management

Conclusion

Effective storage and management of paper and electronic records is important to ensure that information is easy to locate and access.  Record location lists need to be kept up to date also.  In addition to ensuring information is easily accessible, regular management of information stores helps to ensure they do not become cluttered with information that is no longer relevant.