Our documents are as follows:
We have a Policy which recognises our legal obligations in respect to the collecting, holding, maintaining and accessing data for a lawful purpose and in a secure environment.
The Policy assures that such activities will keep the Data secure and only accessed for the proper purpose by the proper Users. The Data will not be retained for ever – only as long as required.
Data Subjects have Rights in respect to the collection and use (etc) of their Data – the Policy indicates how we will respect those Rights.
We have a Policy which confirms the various activities we undertake in order to ensure the security of the personal Data of our Patients and our Team held by us.
Confidentiality obligations are reinforced in the terms of our Team’s individual contract, access is monitored to ensure it is only ‘need to know’. Content is kept up to date. Unneeded Data deleted securely. Our Caldicott Guardian oversees that all aspects of confidentiality are followed.
Security of Data stored physically and electronically (or removed) is the responsibility of our Senior Information Risk Officer.
Any breaches or incidents affecting Data are reported immediately to our Data Protection Officer and dealt with swiftly
Our Privacy Notices provide a comprehensive statement to a Data Subject of what the Policies mentioned here means, when it comes to us having and using their Data.
It also reminds them of their Rights in respect to their Data. It also confirms how those Rights can be exercised and what we do in response to a request to do so.
The process available if you are not satisfied with our response is also set out
Even before someone becomes a Patient, or joins our Team, they are provided with a copy of the current Notice for their assurance and information.
You can read the Policies by clicking:
Data Protection Impact Assessments (DPIA)
Our approach to Data Protection is just like having good oral hygiene – “prevention is better than cure”.
When we are considering implementing a new System or process which will change the way we process your Data we will undertake a DPIA.
That will allow us to identify whether the change creates any risks to the safety or security of your Data. Then we can either proceed with confidence, or ensure changes are made to avoid those risks (or maybe even not proceed with implementation and find a different approach.