Part 1: Background & Legislation
Understanding Your Responsibilities
To ensure we all play our part in safeguarding data and information, it’s crucial for every staff member to be aware of their responsibilities under data protection legislation. This legislation governs how we handle and protect data, and how individuals can exercise their rights.
Data protection legislation can seem complex, but we can break it down as follows:
- Data Protection Act 2018 (DPA 2018)
- Records Management Code of Practice for Health and Social Care 2016
Additionally, BrisDoc must consider the following legislation:
- Freedom of Information Act 2000
- Environmental Information Regulations
- INSPIRE Regulations
- Health and Social Care Act 2012
- Access to Health Records Act 1990
- Public Records Act 1958
- Mental Capacity Act 2005
- Computer Misuse Act 1990
- Copyright, Designs, and Patents Act 1988
At BrisDoc, we have a range of Information Governance policies, processes, and procedures accessible on Radar (BrisDoc’s Intranet) or local Service shared drives. For practical implementation, there are additional Standard Operating Procedures (SOPs) that provide detailed guidance. Familiarising yourself with these SOPs and adhering to the principles of Information Governance supports compliance with the law and best practices.
By embracing Information Governance, we instill trust in our services among patients, service users, and the general public, fostering effective collaboration with partner organisations.
If you have any questions or uncertainties, don’t hesitate to reach out to your line manager. Together, we can uphold our commitment to safeguarding information and ensure that everyone benefits from the transparency and care it brings.
Roles within the Organisation:
To ensure the proper handling of information at BrisDoc, we have several key roles dedicated to information governance, including:
- Senior Information Risk Officer: Jonathan Pearce
- Caldicott Guardian: Dr. Kathy Ryan
- Data Protection Officer: Affinity Resolutions (external)
- Information Security Manager: Debs Lowndes
They receive support from Heads of Service and Corporate Leads, such as Practice Managers, the Head of Workforce, and the Head of Integrated Urgent Care. Together, they form the Information Governance Board, convening quarterly to oversee these crucial matters.
All Staff: Every staff member plays a vital role in preserving confidentiality and security. It is their legal duty to maintain the privacy of confidential data and refrain from disclosing information, whether inadvertently or intentionally.
Key Responsibilities:
To fulfill their responsibilities, staff must:
- Avoid discussing confidential matters in public spaces or where they can be overheard.
- Never leave assets containing personal, commercially confidential, or special categories of personal data unattended. This includes telephone messages, computer printouts, faxes, and other documents.
- Ensure they log out of computer systems so that sensitive information cannot be accessed or viewed by unauthorised individuals.
- Access healthcare records only when relevant to their role. Unauthorised access will be considered a severe breach of confidentiality, leading to action under BrisDoc’s Disciplinary policy, which may result in dismissal.
- Never use someone else’s password to access data, as this is a serious breach under the Computer Misuse Act 1990 and a violation of Service IT policies. Such actions constitute a disciplinary offense and could be considered gross misconduct, leading to dismissal.
We are committed to fostering a culture of responsibility and trust at BrisDoc. By adhering to these guidelines and embracing the principles of information governance, each staff member contributes to the security and confidentiality of our data, ultimately benefiting our patients and the community we serve. If you ever need further guidance or have any questions, don’t hesitate to reach out. Together, we ensure that our practices align with the highest standards of information governance.