INTRODUCTION TO OUR DATA PROTECTION POLICY
The Data Protection Act 1998 (DPA) requires a clear direction on Policy for security of information within the practice. The policy will provide direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information. The following is a Statement of Policy which will apply.
- The practice is committed to security of patient and staff records.
- The practice will display a poster in the waiting room explaining to patients the practice policy
- The practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. This will include training on Confidentiality issues, DPA principles, working security procedures, and the application of Best practice in the workplace.
- The practice will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
- The practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
- DPA issues will form part of the practice general procedures for the management of Risk.
- Specific instructions will be documented within confidentiality and security instructions and will be promoted to all staff.
Dr Dan Lane
FREEDOM of INFORMATION POLICY
· The practice will comply with the FoI Act and sees it as an opportunity to enhance public trust and confidence in the practice
· The practice will maintain a comprehensive 'Publication Scheme' that provides information which is readily accessible without the need for a formal FoI Act request.
· The practice will seek to satisfy all FoI Act requests promptly and within 20 working days. However, if necessary we will extend this timescale to give full consideration to a Public Interest test. If we do not expect to meet the deadline, we will inform the requester as soon as possible of the reasons for the delay and when we expect to have made a decision
· The practice will continue to protect the personal data entrusted to us, by disclosing it only in accordance with the Data Protection Act 1998
· The practice will provide advice and assistance to requesters to facilitate their use of FoI Act. We will publish our procedures and assist requesters to clarify their requests so that they can obtain the information that they require.
· The practice will work with Lincolnshire Primary Care Trust and other bodies with whom we work to ensure that we can meet our FoI Act obligations, including the disclosure of any information that they hold on our behalf.
· The practice will apply the exemptions provided in the FoI Act and, where qualified exemptions exist, the practice will disclose the information unless the balance of public interest lies in withholding it.
· The practice will consult with third parties before disclosing information that could affect their rights and interests. However, according to the FoI Act, the practice must take the final decision on disclosure
· The practice will charge for information requests in line with the FoI Act Fees Regulations or other applicable regulations, including the Data Protection Act 1998
· The practice will record all FoI Act requests and our responses and will monitor our performance in handling requests and complaints
· The practice will ensure that all staff are aware of their obligations under FoI Act and will include FoI Act education in the induction of all new staff
Dr Dan Lane