Solihull Dental Practice

Data security policy

 

This dental practice is committed to ensuring the security of personal data held by the practice. This policy is issued to all staff with access to personal data at the practice and will be given to new staff during their induction. If any member of the team has concerns about the security of personal data within the practice, they should contact Dr T Nadeem.

 

All members of the team must comply with this policy.

Confidentiality

  • All employment contracts and contracts for services contain a confidentiality clause, which includes a commitment to comply with the practice confidentiality policy
  • Access to personal data is on a ‘need to know’ basis only. Access to information is monitored and breaches of security will be dealt with swiftly by Dr T Nadeem
  • We have procedures in place to ensure that personal data is regularly reviewed, updated and, when no longer required, deleted in a confidential manner. For example, we keep patient records for at least 10 years or until the patient is aged 25 – whichever is the longer.

Physical security measures

  • Personal data is only removed from the practice premises in exceptional circumstances and when authorised by Dr T Nadeem. If personal data is taken from the premises it must never be left unattended in a car or in a public place
  • Records are kept in a lockable fireproof cabinet, which is not easily accessible by patients and visitors to the practice
  • Efforts have been made to secure the practice against theft by, for example, the use of intruder alarms, lockable windows and doors
  • The practice has in place a business continuity plan in case of a disaster. This includes procedures for protecting and restoring personal data.

Information held on computer

  • Appropriate software controls are used to protect computerised records, for example the use of passwords, pseudonymisation and encryption. Passwords are only known to those who require access to the information, are changed on a regular basis and are not written down or kept near or on the computer for others to see
  • Daily and weekly back-ups of computerised data are taken and stored in a fireproof container, off-site. Back-ups are also tested at prescribed intervals to ensure that the information being stored is usable should it be needed
  • Staff using practice computers undertake computer training to avoid unintentional deletion or corruption of information
  • Dental computer systems have a full audit trail facility preventing the erasure or overwriting of data. The system records details of any amendments made to data, who made them and when
  • Precautions are taken to avoid loss of data through the introduction of computer viruses.
  • For data stored on cloud computing facilities, a rigorous service level agreement is in place with our cloud provider to ensure that all our obligations in this policy are fulfilled and that all information is secure.

Loss of patient information

  • Any loss, damage to or unauthorised disclosure of patient information must be reported immediately to Dr T Nadeem

 

Data Opt-Out Policy England

How the NHS and care services use your information
Solihull Dental Practice is one of many organisations working in the health and care system to improve care for patients and the public. Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes; data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our practice only uses your personal health data to provide individualised care to you and does not disclose your data for any other purposes. The national data opt-out does not apply to our usage of your data and we are compliant with the policy.

Date: 1/4/2020