We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Data Security and Protection Policy
Introduction
The Data Protection Act 1998 (DPA) requires a clear direction on Policy for security of information within the Practice. The policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.
The following is a Statement of Policy which will apply:
The Policy
- The Practice is committed to security of patient and staff records.
- The Practice will display a poster in the waiting room, explaining the practice policy to patients.
- The Practice will make available a practice leaflet on Access to Medical Records and Data Protection for the information of patients.
- The Practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant.
This will include training on Confidentiality issues, DPA principles, working security procedures, and the application of Best Practice in the workplace.
- The Practice will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
- The Practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
- DPA issues will form part of the Practice general procedures for the Management of Risk.
- Specific instructions will be documented within confidentiality and security instructions and will be promoted to all staff
Data Protection Officer
Paul Couldrey
PCIG Consulting Limited
7 Westacre Drive
Quarry Bank
West Midlands
DY5 2EE