New Year; new focus on IG
Towards the end of 2016 it was necessary to review and reconfirm some of our processes following a serious IG breach. All staff, but in particular Clinical Staff, should note it is their responsibility to make sure they are 'IG safe'. Why not start 2017 with a renewed effort to be IG aware and to ensure you are following the best practices as advised here?
All staff are responsible for ensuring that:
- Sensitive information and equipment is:
- Locked away when not being used
- Kept out of sight eg in the locked boot of the car when transported
- Not left unattended eg not left in the car boot overnight.
- Laptops, memory sticks and other mobile devices containing personal information must be encrypted
- Day diaries must not be traceable back to the patient or patient’s home/address
- Security codes such as key safe numbers used for home visits should be held securely and not kept with the addresses of patients
For ICS staff the standard operating procedure for storage of patient identifiable information and key safe details is:
* Staff using SystmOne
Staff who use SystmOne must not write any patient information in paper diaries or print any lists from SystmOne as this information is available in both the live and mobile working modules.
Key safe numbers must be saved by staff as ‘reminders’ in SystmOne which are visible in both modules.
* DCHS staff who are not yet using SystmOne
Staff who have a DCHS smartphone should save information on patient names, addresses and keysafe numbers in their smartphone by emailing themselves the appointment list to your NHSmail account so that the information is available on their emails within the smartphone.
Staff who have a standard DCHS mobile (i.e. not a smartphone) should save keysafe numbers for that day on their work mobile within the contacts next to the patient initials/first name.
* Agency Staff (who cannot access SystmOne)
Agency staff should use a team phone to store the patient key safe numbers and (if it is a smartphone) also the names and addresses of patients to avoid the need for a paper list.
If a team phone is not available then the agency staff should ensure that the key safe numbers are not written down in a way that can link them to the patient names and addresses. This may require two separate documents being taken out which are carried separately by the agency worker.
ALL staff are reminded that:
Paper diaries that are no longer in use, as they have been replaced by SystmOne or are for a previous year, should be archived securely following DCHS’s archiving processes (see the Information Lifecycle and Records Management Policy on Sharepoint).
Please ensure the archive boxes are clearly labelled, including the addition of a destruction date. A list of the contents of the box should be placed inside the box and a copy of the contents list also retained locally by the manager. Paper diaries should be kept for two years after the end of the year to which they relate. The national guidance also states that “Diaries of clinical activity & visits must be written up and transferred to the main patient file. If the information is not transferred the diary must be kept for 8 years.”