Confidentiality&

Records Management

What is Information Governance?

What is Records Management?

Horror Stories!

Data Protection Act 1998

8 Principles

1. Fairness and legality2. Permission3. Adequacy /Relevant, not

Excessive4. Accuracy5. Length of use6. Access rights7. Security8. Transfer outside EEA

Caldicott Report 1998

6 Principles for use and sharing

1. Justify the purpose2. Use only when necessary3. Use minimum necessary4. Access – strict need to know

basis5. Individual responsibility6. Comply with the law7. Duty to share and protect

Personal Information can be accessed from:

• The patient

• The health record

• Colleagues

• Personnel files/HR/Payroll

• Electronically processed data

• Stored images

• Knowledge held by employee

• Telephones

• Fax machines – ‘Safe Haven’

• Pieces of paper

• Verbally

Confidentiality and Information SecurityTo obtain information without consent….• Is unlawful• Is a breach of the DPA, HRA and if obtained via Hospital systems, a breach of the Computer Misuse Act.May/will result in….• Disciplinary action • Dismissal• Civil action for damages• Custodial sentence• Unlimited fineRCHT monitors access to all systems. All breaches will be dealt with

in accordance with the Trust’s disciplinary procedure

Do Not………

• Leave your PC logged on

• Access information on PAS inappropriately

• Leave your office unlocked

• Include patient identifiable information in the subject of an email

• Send personal data outside the Trust without permission

• Share Passwords

Top TipsDo………

• Respect confidentiality

• Direct Police – they do not have an automatic right to information

• Direct general enquiries

• Check identity – this includes staff

• Report incidents –don’t ignore them (Datix)

Handling the media

?Records ManagementWho is responsible? • Chief Executive• Senior Managers• You

What must I do?• Identify and Maintain Records• Read and implement the policies, especially …

Document naming (Version Control)Store appropriately

Retention Schedule Disposal (record destruction)

… to enable FoI, DPA and EIR compliance

Legalrequirements

Informationsharing

Protection - organisation - individual

Evidence(Audit)

More effectiveworking

Support for patientCare etc.

Records Management – the benefits

Record Keeping Standards

Safer Environment

Aide mémoire

Patients

Clinical Coding

Staff

Complaints

Litigation

Audit/Research

Decisions and Evidence

Leads to

Clear and concise

Dated and Signed

Legible

Structured

Available

Complete/Accurate

In records