All staff employment contracts contain a confidentiality clause. Access to personal data is on a “need to know” basis only.
Access to information is monitored and Nigel Jones will deal with breaches of security swiftly. We have procedures in place to ensure that personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required.
For example, we normally keep records for 11 years or until the patient is aged 25, whichever is longer.
Physical security measures
Personal data is only taken away from the practice premises in exceptional circumstances and when authorised by Nigel Jones.
If personal data is taken from the premises, it must never be left unattended in a car or a public place.
Records are kept in a filing room, which is kept locked when not in use.
Efforts have been made to secure the practice against theft by, for example, the use of intruder alarms and lockable windows and doors.
The practice has in place a business continuity plan in case of disaster. This includes procedures set out for protecting personal data.
Information held on a computer
Passwords are known only to those who require access to the information, and are not written down or kept near the computer.
Staff using computerised data are trained so as to avoid unintentional deletion or corruption. Regular backups of computerised records are taken and stored off site.
Precautions are taken to avoid loss of data through the introduction of computer viruses.