Get Adobe Flash player

Storage of Personal Information

Beehive Solutions Policy & Procedures on

Storage and Transfer of Personal and Sensitive Information


All organisations have a common-law duty as well as a specific requirement under the Data Protection Act 1998 to ensure that all transfers of personal and sensitive information (correspondence, faxes, email, telephone messages, transfer of patient records and other communications containing personal or sensitive information) are conducted in a secure and confidential manner. This is to ensure that information is not disclosed inappropriately, either by accident or design, whilst it is being transferred or communicated to, within or outside of the organisation.

The loss of personal information will result in adverse incident reports which will not only affect the reputation of this organisation but, in the case of disclosing personal information intentionally or recklessly, is also a criminal offence.

Personal Information. This relates to information about a person which would enable that person’s identity to be established by one means or another. This might be fairly explicit such as an unusual surname or isolated postcode or items of different information which if taken together could allow the person to be identified. All information that relates to an attribute of an individual should be considered as potentially capable of identifying them to a greater or lesser extent.

Sensitive Information. This can be broadly defined as that which if lost or compromised could affect individuals, organisations or the wider community. This is wider than, but includes, information defined as sensitive under the Data Protection Act 1998, eg an individual’s bank account details are likely to be deemed ‘sensitive’, as are financial and security information about an organisation.


At Beehive Solutions we have strict guidelines on how staff record, store and transfer personal information; whether this represents information relates to; patients we scan with in our various NHS Ultrasound services, customers obtaining goods through our healthcare consumables and equipment websites or material obtained through any other means.

Our procedures are designed to meet the requirements of the Data Protection Act, NHS Code of the Practice - Confidentiality, and the NHS Care Record Guarantee forEngland.

All staff are taught to work in accordance with the Caldicott Principles

Table 1: The Caldicott Principles:

   *             Principle 1: Justify the purpose for using the information

   *             Principle 2: Only use identifiable information if absolutely necessary

   *             Principle 3: Use the minimum that is required

   *             Principle 4: Access should be on a strict need to know basis

   *             Principle 5: Everyone must understand their responsibilities

   *             Principle 6: Understand and comply with the law


Patient Records:

Hard copy patient information (other than appointment letters) is not posted in the general post and appointment letters do not include any Sensitive information. Examination reports are handed direct to the patient and/or sent via surgery drop numbers.

When a patient record has to be faxed to a GP Surgery, for instance when an urgent examination report is requested, they are only faxed to the surgery fax number provided by the Clinical Commissioning Group and the fax number is confirmed by two members of staff to avoid issues as a result of input errors.

With in theAcuteHospitalsetting, Beehive Solutions complies with the local rules of the Trust to ensure all records are handled correctly and in strict compliance with the NHS Care Record Guarantee forEngland.

Email is not a secure system. All staff using email have been made aware of this during their induction training. Therefore, patient identifiable and other sensitive information is not sent by email unless it has been encrypted to standards approved by the NHS. NHSmail accounts are encrypted to NHS-approved standards and may be used for sending patient identifiable information to recipients that also have an NHSmail account.

Appointment lists are held on computer, but recorded details are limited to the patient name so that the patient can be identified on arrival. No other identifiable information is held.

Electronic Information related to patient examinations and other health records is held on a hard-drive completely isolated from the internet and without WiFi capabilities. The drive is password protected to the highest standard and kept in a locked location with restricted access. A back-up copy is maintained in similar circumstances in a geographically different location.


Customer Records:

Customer Payment card details are not recorded by the company and in the case of a telephone order such details are typed directly into our Payment Provider facility with no copy being retained by the company.

Customer records are maintained on our website under password protection, but customers are informed of the retention of their contact details, have the option of removing their records at any time, and have the company assurance that their records will be used for no other purpose than to allow us to facilitate repeat orders more efficiently by avoiding the need for them to re-input delivery address etc.  Payment mechanisms are not recorded.

 

Office Records:

All paper waste is shredded (cross-shredder) prior to being disposed of.

All websites, computers and Servers are password protected and have the latest antiviral software incorporated (with updates when available). Both incoming and outgoing emails are vetted through “MessageLabs” to ensure malicious content is neither received nor propagated.

 

Download a pdf of Beehive Healthcare Solutions Policy and Procedure on the Storage and Transfer of personal and Sensitive Information

 

As well as ensuring the accuracy and security of personal & sensitive information, we recognise our patients Rights to see the information we retain on them. in line with NHS guidance, we have therefore created policies and procedures to provide such access free of charge to our patients.

In providing such access, we would remind all patients that the information held by Beehive Solutions is only a very small section of their health record; that relating just to their Ultrasound Scan; and seen in isolation such information may lead to incorrect conclusions. It is therefore better for the patient to request access to their entire health record through the NHS, which will also provide an opportunity for the records to be fully explained by qualified personnel.

Download a pdf of Beehive Healthcare Solutions Policy and Procedure on the Use and Access to personal and Sensitive Information

 

Continue here to read about Beehive Healthcare Solutions other policies on Accountability

 


Search
Associated Websites

Laser Onychomychosis treatment

Our Sister Companies

Beehive Medical Solutions
 
 
 
Sonographers Medical