Blossomfeild
Complete Dental Care Information Governance
policy
Introduction
Information is a vital asset, both in terms of the
clinical management of individual patients and the efficient management of
services and resources. It plays a key part in clinical governance, service
planning and performance management. It is therefore of paramount importance
that information is efficiently managed, and that appropriate policies,
procedures, management accountability and structures provide a robust
governance framework for information management.
1. Purpose
of the policy
This Information Governance policy provides an
overview of the practice's approach to information governance; a guide to the
procedures in use; and details about the IG management structures within the
dental practice.
2. The
practice's approach to Information Governance
Blossomfield Complete Dental Care undertakes to
implement information governance effectively and will ensure the following:
- Information will be protected against unauthorised
access;
- Confidentiality of information will be assured;
- Integrity of information will be maintained;
- Information will be supported by the highest
quality data;
- Regulatory and legislative requirements will be
met;
- Business continuity plans will be produced, maintained
and tested;
- Information governance training will be available
to all staff as necessary to their role;
- All breaches of confidentiality and information
security, actual or suspected, will be reported and investigated.
3. Procedures
in use in the practice
This Information Governance policy is underpinned
by the following procedures:
- Records
management procedure that set outs how patient dental
records will be created, used, stored and disposed of;
- Access control
procedure that sets
out procedures for the management of access to computer-based information
systems;
- Information
handling procedure that sets out procedures around the transfer of confidential
information;
- Incident
management procedure that sets out the procedures for managing and
reporting information incidents;
- Business
continuity plan that sets out the procedures in the event of a
security failure or disaster affecting computer systems;
4. Staff
guidance in use in the practice
Staff compliance with the procedures is supported by
the following guidance material:
- Records
management: guidelines on good record keeping;
- Staff confidentiality
code of conduct: sets out the required standards to maintain the
confidentiality of patient information; obligations around the disclosure of
information and appropriately obtaining patient consent;
- Access control: guidelines on the appropriate use of computer systems;
- Information
handling: guidelines on the secure use of patient
information;
- Using mobile
computing devices: guidelines on maintaining confidentiality and
security when working with portable or removable computer equipment;
- Information
incidents: guidelines on identifying and reporting information incidents.
5. Responsibilities
and accountabilities
The designated Information
Governance lead for the practice is Sara Skalka
The key responsibilities of the lead
are:
- Developing
and implementing IG procedures and processes for the practice;
- Raising
awareness and providing advice and guidelines about IG to all staff;
- Ensuring that any training made available is taken
up;
- Coordinating the activities of any
other practice staff given data protection, confidentiality, information
quality, records management and Freedom of Information responsibilities;
- Ensuring that patient data is kept
secure and that all data flows, internal and external are periodically checked
against the Caldicott Principles;
- Monitoring
information handling in the practice to ensure compliance with law,
guidance and practice procedures;
- Ensuring
patients are appropriately informed about the practice's information
handling activities.
The day to day responsibilities for providing guidance to
staff will be undertaken by Sara Skalka
The partners of the practice are responsible for ensuring that sufficient resources are provided
to support the effective implementation of IG in order to ensure compliance
with the law, professional codes of conduct and the NHS information governance
assurance framework.
All staff,
whether permanent, temporary or contracted, and contractors are responsible for
ensuring that they are aware of and comply with the requirements of this policy
and the procedures and guidelines produced to support it.
Blossomfield
Complete Dental Care Data Protection Policy Statement
General
We shall collect, hold and process personal
data in accordance with the provisions of the Data Protection Act 1998. These
provisions apply to personal data held on an employee's personal file or on any
associated or computerised record.
Key Principles
Where data is held under the provisions of the
Data Protection Act 1998, we will ensure that personal data is:
- Fairly and lawfully
processed;
- Processed for specified
purposes;
- Adequate, relevant and not
excessive;
- Accurate;
- Not kept for longer than is
necessary;
- Processed in accordance with
individuals rights;
- Secure;
- Not transferred to countries
without adequate protection.
Your Rights
- Where consent is required,
we will obtain your consent before processing data that relates to you.
- You are entitled, upon
request, to be informed whether personal data about you is being processed, and
to be provided with a description of the data, any information available as to
its source (if known), the purposes for which it is being processed, and
details of the recipients to whom it is being disclosed. We will provide this
information upon request although we reserve the right to make a charge for
providing this information. In certain circumstances and upon request, we will
stop processing personal data about you if it is likely to cause substantial
damage or distress to you or someone else. Any requests relating to the above
should be made in writing to our Data Protection Officer Mr Marek Skalka or Mr
John Newland.
- We will endeavour not to make
any decisions that significantly affect you which are based solely on automatic
processing of personal data. However, where such a decision is made, you will
be informed of the way in which the decision was made and be given an
opportunity to make representations to challenge the decision. In such
circumstances, we will consider your representations and review the decision
with a view to ensuring that a correct and fair decision is made.
Your Obligations
- You are required to make
yourself familiar with and follow our Data Protection Policy and Code of
Practice, which sets out the way in which we require personal data to be
treated in order to comply with the law. Our Data Protection Policy and Code of
Practice are available on the Intranet and copies can be obtained from our Data
Protection Officer.
- Personal data is
confidential and is held solely for the purpose of carrying out company
business. Breach of our Data Protection Policy or Code of Practice may amount
to misconduct and result in disciplinary action. Persistent breaches or a
serious breach may result in your dismissal.
Security.
We will ensure that appropriate measures are
adopted to guard against unauthorised and unlawful processing, or the
accidental loss, destruction of or damage to data.
Assistance
The subject of data protection is a
complicated one. If you require guidance or assistance you should contact our
Data Protection Officer who will be pleased to help you and answer any queries
that you may have.
Blossomfield Complete Dental Care Data Protection Code of Practice for Patients.
Keeping your records
This
practice complies with the 1998 Data Protection Act and this policy describes
our procedures for ensuring that personal information about patients is
processed fairly and lawfully.
What personal
data do we hold?
In order to provide you with a high
standard of dental care and attention, we need to hold personal information
about you. This personal data comprises:
- your past and current medical and
dental condition; personal details such as your age, national insurance
number/NHS number, address, telephone number and your general medical
practitioner
- radiographs, clinical photographs
and study models
- information about the treatment
that we have provided or propose to provide and its cost
- notes of conversations/incidents
that might occur for which a record needs to be kept
- records of consent to treatment
- any correspondence relating to
you with other health care professionals, for example in the hospital or
community services.
Why do we hold
information about you?
We need to keep comprehensive and
accurate personal data about our patients in order to provide them with safe
and appropriate dental care. We also
need to process personal data about you in order to provide care under NHS
arrangements and to ensure the proper management and administration of the
NHS.
How we process
the data
We will process personal data that we
hold about you in the following way:
Retaining information
We will retain your dental records while
you are a practice patient and after you cease to be a patient, for at least
eleven years or for children until age 25, whichever is the longer.
Security of information
Personal data about you is held in the
practice's computer system and/or in a manual filing system. The information is not accessible to the
public and only authorised members of staff have access to it. Our computer system has secure audit trails
and we back up information routinely.
Disclosure of information
In order to provide proper and safe
dental care, we may need to disclose personal information about you to:
- your general medical practitioner
- the hospital or community dental
services
- other health professionals caring
for you
- NHS payment authorities
- the Inland Revenue
- private dental schemes of which
you are a member.
Disclosure will take place on a
‘need-to-know' basis, so that only those individuals/organisations who need to
know in order to provide care to you and for the proper administration of
Government (whose personnel are covered by strict confidentiality rules) will
be given the information. Only that
information that the recipient needs to know will be disclosed.
In very limited circumstances or when
required by law or a court order, personal data may have to be disclosed to a
third party not connected with your health care. In all other situations,
disclosure that is not covered by this Code of Practice will only occur when we
have your specific consent.
Where possible you will be informed of
these requests for disclosure.
Access
You have the right of access to the data
that we hold about you and to receive a copy.
Access may be obtained by making a request in writing .We will provide a
copy of the record within 40 days of receipt of the request.
If you do not agree;
If you do not wish personal data that we
hold about you to be disclosed or used in the way that is described in this
Code of Practice, please discuss the matter with your dentist. You have the
right to object, but this may affect our ability to provide you with dental
care.
Blossomfield Complete Dental Care Confidentiality Policy.
Confidentiality
is a professional requirement imposed on us by the General Dental Council
(GDC). The relationship between dentist and patient is based on the
understanding that any information revealed by the patient will not be divulged
without the patient's consent. Only in exceptional circumstances ( e.g. where a
major crime is being investigated, or to comply with specific laws such as Road
Traffic Acts or terrorism) are we allowed to divulge any information about
patients without their specific consent.
Under the
Freedom of Information Act 2002, we have a "publication scheme" where we are
obliged to supply to any interested party any information we may hold on them.
Under the Data Protection Acts 1984 and 1998 we are obliged to safeguard the
holding of personal data of our patients.
This practice has adopted the following three
principles of confidentiality:
1.
Personal information about a
patient is confidential to those providing healthcare.
2.
It should only be provided to
those who would be unable to provide effective care without that information
(Need-to-know)
3.
Information should not be
disclosed to third parties without consent of the patient except in the
circumstances set out in the first paragraph.
What this means to you:
§
Records should be kept secure and
in a location that prevents other individuals from reading them.
§ When
talking to a patient on the telephone or in a public area care should be taken
to ensure that sensitive information is not overheard by other patients.
§ Details
of names, addresses, telephone numbers, attendance or financial record,
treatment histories or plans, medical history or information about other family
members should not be divulged.
§ Messages
regarding patient care should not be left on answer machines. A message to call
the practice is all that can be left.
§ Disclosure
of appointment book information should not be made to third parties without
first referring to Mr Skalka or Mr Newland.
§ Discussions
being conducted within hearing of any patient should be on strictly
professional matters, never discussing a patient by name.
§ Conversations
on non-professional matters should be reserved for the staff room.
§ Any
member of staff who breaks these rules will be liable for summary dismissal.
§ All
data processed at this practice must remain confidential even if your
employment has terminated. (it is an offence under the Data Protection Act 1998
to disclose such information)
Blossomfield Complete Dental Care, 284/286 Blossomfield Rd,Solihull,B91 1TH.
Tel; 0121 711 6939 Fax; 0121 705 9355 www.blossomfielddental.co.uk
| 
