
Confidentiality
QMS adheres to the Department of Health Confidentiality NHS Code of Practice (November 2003)
We will adhere to the Caldicott Principles, as detailed in the above. The principles of data collection are:
- Justify the purpose
- Don't use the patient identifiable information unless it is absolutely necessary
- Use the minimum necessary patient identifiable information
- Access to patient identifiable information should be on a strict need to know basis
- Everyone should be aware of their responsibilities
- Understand and comply with the law
QMS staff will occasionally be in contact with confidential and sensitive information, including individuals' health care records. All confidential data needs to be handled according to any applicable legal requirements and according to this policy.
Please note the following key points:
- No data must be removed from GP practices. Where data is removed from the practice with the practice's permission it must be protected with a strong password. Confidential data should not normally be removed from QMS premises. If it is necessary to store confidential information on a laptop, it must be encrypted as well as protected with a strong password
- Confidential information must never be disclosed to any third party without explicit authorisation
- No confidential data must ever be sent by unencrypted email or post
- When extracting data for PCT use, QMS adheres to the 'PCT data collection agreement'. PCTs are expected to have their own agreements in place with practices.
- When contracted directly to work with practices, QMS adheres to the 'Confidentiality Statement between QMS and named general practice'. Practices and QMS will sign this agreement prior to commencing work.
- QMS employees will be trained in confidentiality and are obliged to comply with this policy
- When viewing patient identifiable data, QMS staff should be supervised on site by a member of the practice staff.
- When QMS have access to sensitive, or patient identifiable data, we will not add, amend or delete any data
- QMS staff should have their own log-in and password if accessing patient data, to allow tracking of actions in the computer audit trail
- If we receive confidential data in error we will notify the person who sent the data immediately and destroy the data
- Where QMS has access to patient identifiable data, we will not reveal any of this information to a third party, except where we are required to do so by law or where patient safety is compromised
Security Policy
- Computer screens with access to sensitive data should be locked when unattended
- Any room where access to sensitive data is possible must be locked when unattended
- Sensitive data must not be left on desks, and should be kept in a lockable storage area. Confidential paper waste should be shredded
- Sensitive data will be kept in a separate data area on the shared drive
- If patient identifiable data is kept temporarily on QMS computers, it will be securely encrypted
- Data saved during backup procedures will be encrypted
- If sensitive data is transported (for example on laptops or memory sticks), it will always be encrypted
- QMS employees will adhere to the 'Secure Remote Access Policy'
- QMS requires all computer users to use strong passwords
- Where practices allow QMS to use a remote log in for customer support, they should read and agree with the 'QMS Secure Remote Login Overview' confidentiality statement
- QMS will not keep sensitive data any longer than is required and will dispose of such data securely. In particular, sensitive data including anonymised patient data will be shredded
- QMS will ensure the secure disposal of any redundant hardware and software to ensure data can never be read and is permanently deleted
- QMS adheres to a secure 'Wireless use policy'
- Visitors to the QMS office will be required to see and agree to our confidentiality policy
- QMS has a business continuity plan to ensure secure backing up of data off site and allow it to continue its business in the event of data loss from the main site
- QMS keeps copies of insurance policy documents off site as well as in the office
Data protection - QMS complies with the requirements of the Data Protection Act

