1 / 16

NHS Cancer Screening Programmes Confidentiality and Disclosure Policy update 2013

NHS Cancer Screening Programmes Confidentiality and Disclosure Policy update 2013. Background/context. NHS Cancer Screening Programmes Confidentiality & Disclosure Policy (August 2011: version 4):

cheche
Download Presentation

NHS Cancer Screening Programmes Confidentiality and Disclosure Policy update 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NHS Cancer Screening Programmes Confidentiality and Disclosure Policy update 2013

  2. Background/context • NHS Cancer Screening Programmes Confidentiality & Disclosure Policy (August 2011: version 4): “sets out the principles and procedures for safeguarding the confidentiality and disclosure of patient information that is actually or potentially identifiable”. • Legal obligation and professional requirement to hold information in confidence • “Patient” covers all individuals whose data are stored or processed by or on behalf of NHS Cancer Screening Programmes, whether or not they are or become the subject of active care or treatment.

  3. Requirements • All staff, including • Permanent • Temporary/Locums • Contractors • Volunteers are required to: • formally declare compliance with this policy • have compliance with the policy checked annually at individual appraisals • comply with this policy as a minimum, in addition to any supporting policies or procedures local to the host organisation and other legal obligations. • Primary care staff are excluded

  4. Requirements cont…. • A named lead at Board level (e.g. the Caldicott Guardian or Senior Information Risk Owner) should be identified by each service within a programme to declare compliance across that programme using the form at Appendix 1. • Failure to comply with this policy may result in disciplinary action being instigated by the host employer and personal liability. • Written local policies and standard operating procedures should be in place to deal with the secure storage and transfer of patient- and staff-related confidential records.

  5. Disclosure • Patient’s Health Records must be: • processed in accordance with Data Protection Act, the common law duty of confidentiality and the Human Rights Act • kept private and physically secure • disclosed only for purposes of healthcare, unless explicit consent from the individual. • Section 251 of The Health and Social Care Act 2008, allows disclosure/use, without individual consent to: • Clinical audit • Call/recall agencies • Cancer registries • QA Reference Centre.

  6. Training • Change to training requirements: • All members of staff must undertake confidentiality training • Annual information governance (NHS Connecting for Health) • Three yearly update on screening-related confidentiality and disclosure • Screening services must keep a register of training undertaken by staff (this will be reviewed at QA visits)

  7. Identifiable Patient Information (IPI) • Includes: • Name • Date of birth • Address • Full postcode • Telephone number • Unique identifier of any health service patient, including: • NHS Number • Screening (Sx) Number (breast screening programme) • Hospital Number • Histology/cytology Number • Any information pertaining to the diagnosis, prognosis or treatment of an individual where this is linked to details that may enable that person to be identified.

  8. Purpose of patient data in screening • to invite people for screening and to record the outcome of the invitation, using information held on the National Health Applications and Infrastructure Services (NHAIS) system • to undertake audits of the screening process • to evaluate NHS Cancer Screening Programmes outcomes, which may require data from a number of sources including the patient’s GP • for the inter-Trust and intra-Trust transfer of data • to identify the outcome of the referral from screening • to assemble a screening history and related material in order to provide the patient with information on past screening management • to carry out failsafe activities • to trace people who may need to be contacted (a) in the event of screening incidents and (b) to provide failsafe • to send data to and receive them from cancer registries in order to validate the completeness of the registries’ records and those of NHS Cancer Screening Programmes • to undertake quality assurance, training and education • to allow external quality assurance (QA) of local screening service activities

  9. Potentially IPI (PIPI) • Includes: • Records of individuals, even if they do not include variables that would make them obviously identifiable (e.g. gender, ethnic group) • Tabular data based on small geographic areas and with low cell counts (e.g. less than 5) • Tabular data containing cells that have underlying population denominators of less than ~1,000 • The disclosure of such information poses a very small risk of identifiability.

  10. Non-routine requests for IPI/PIPI • All non-routine requests for IPI relating to the screening population must be directed to the Director of the service (Breast/Bowel) or the Hospital-based Programme Co-ordinator or Public Health Screening Lead as appropriate to the request (Cervical) in the first instance. • Requests should: • Clearly state and explain the intended use of the data • Show why IPI are required and why anonymised data cannot be used • Provide details on how the data will be kept and confirmation that it will be destroyed after use. • All requests and resulting action should be formally documented. • Decision to release PIPI based on non-routine requests should be guided by the same principles as IPI requests and referred to the Director of the service (Breast/Bowel) or the Hospital-based Programme Co-ordinator or Public Health Screening Lead as appropriate to the request (Cervical) in the first instance

  11. Sending Identifiable Information • By post – See Poster No. 1: • Clearly and accurately labelled with the name and full address of the recipient • Letters should be double wrapped (put in two envelopes) • Addressed ‘Addressee Only’ and marked ‘Private & Confidential’ • Packages containing details of 10 or more patients must be sent using Royal Mail’s Special Delivery (or other secure courier service, as per local arrangements) • Robust mechanisms are required for receipt and dispatch of all materials sent out for reporting (e.g. pathology samples or hard copy screening films) • By email - See Poster No. 2 : • Should be sent from an NHS Mail account (ending @nhs.net) to an NHS Mail account or encrypted (to AES 256-bit standard) • Passwords should be issued separately, preferably via telephone once the data are received

  12. Sending Identifiable Information cont… • By fax - See Poster No. 3: • Must be secure in a ‘safe haven’ area, with immediate collection and receipt confirmed • Care should be taken when entering the number • Include a front cover, marked ‘Addressee Only'. • By telephone - See Poster No. 4 : • Must not be given over the telephone to an unrecognised or unverified person • Requester should always be called back, via a main switchboard to verify details • External requests should be made in writing.

  13. Databases • Staff should have individual logins (e.g. to NBSS, Open Exeter, BCSS), not generic ones • Database demonstrations should make use of fictitious data • When leaving your desk, the computer should be locked, by: • Pressing the Windows logo key + L, or • Pressing Ctrl + Alt + Del and selecting ‘Lock Computer’ You will then need to re-enter your password to unlock.

  14. Storage • Paper records: • Stored in a secure, lockable location. • Electronic data: • Stored on a network server • Laptop or USB memory stick only if encrypted • Details of the specific circumstances in which IPI may be used off site and the procedures governing them must be set out in Standard Operating Procedures and approved by the Caldicott Guardian. • Nationally, there have been recent incidents concerning transporting information to and from mobile units, between hospital sites etc.

  15. Disposal • Data no longer needed must be disposed of securely, in a permanently irretrievable form. • Paper records: • Should be shredded • Should not be used for scrap. • Mammograms: refer to NHSBSP Retention, Storage and Disposal of Mammograms and Screening Records (2001). • Pathology samples: refer to Royal College of Pathology and Recommended Code of Practice for Laboratories Participating in the UK Cervical Screening Programme (2010).

  16. Other relevant documents • The following documents have been supplied: • NHS CSP Confidentiality & Disclosure Policy (2011) • NHS CSP Security Policy (2003) • Appendix 1 form: to declare compliance across the programmes (two copies to be signed - one returned to QARC and one retained for local records) • Five posters: • 1 – Sharing information by fax • 2 – Sharing information by telephone • 3 – Sharing information by post • 4 – Sharing information by email • 5 – Transmitting identifiable information summary

More Related