|
|
|
|
Caldicott Home |
|
|
|
|
|
Endorsements |
|
|
|
|
|
Background to
Caldicott |
|
|
|
|
|
Principals of
Caldicott |
|
|
|
|
|
Definitions |
|
|
|
|
|
Ensuring
Confidentiality |
|
|
|
|
|
Disciplinary
Proceedings and the
Law |
|
|
|
|
|
Agreements to be
signed |
|
|
|
|
|
Appx 1 - Data
Protection Principals |
|
|
|
|
|
Appx 2 - Access to
Information |
|
|
|
|
|
|
|
| Code
of Conduct on Confidentiality |
|
| and handling personal identifiable information |
| March 2002 |
| This is a generic
Code of Conduct for all Wirral NHS staff and covers personal
information concerning staff as well as patients. |
 |
| 3.1 |
What is patient-identifiable
information? |
|
"All items
of information which relate to an attribute of an individual
should be treated as potentially capable of identifying patients
and hence should be appropriately protected to safeguard confidentiality"
|
|
|
(Caldicott Committee:
Report on the review of patient-identifiable
information, 1997) |
|
|
Surname |
Forename |
|
Initials |
Address |
|
Date of Birth |
Other dates (e.g.
death, diagnosis) |
|
Postcode |
Occupation |
|
Sex |
NHS Number |
|
National Insurance
Number |
Ethnic Group |
|
Local Identifier
(e.g. Hospital or GP Practice Number) |
| 3.2 |
Who is an unauthorised
person? |
|
An unauthorised
person is anyone who does not need to know the information.
Your job role, or level of access to a computer system, provides
you with a level of authority to access information. Do not
assume that all of your work colleagues are authorised to see
the same information that you are. Even if they are in a more
senior role to yourself - if they do not need to know the information,
they do not need to have it. If you are in doubt as to whether
you should share the information with one of your colleagues,
seek the advice of your manager or the Caldicott Guardian.
In certain instances, an NHS body or member of staff may have
a statutory responsibility to pass on patient information.
The NHS has a statutory obligation to notify the government
of certain infectious diseases for public health purposes, e.g.
measles, mumps, meningitis, tuberculosis, but not HIV/AIDS.
Births and deaths must also be notified.
Limited information is shared with PCTs and Public Health Departments
to assist with the organisation of national public health programmes,
e.g. breast screening, cervical smear tests and childhood immunisation.
A Court of Law can insist that medical information
be disclosed to them. When in doubt, seek advice from your manager.
Solicitors sometimes request medical reports
but these requests must be accompanied by the signed consent
of the patient. Third party information in the record will be
withheld unless the third party has also given written consent.
Again, when in doubt seek advice from your manager.
Do not access patient information for anything
other than your official duties, as misuse of the computer system
will result in disciplinary action. It is not acceptable for
staff to access either their own records, or to access records
on behalf of relatives, friends, or neighbours. This Code of
Conduct is against this inappropriate use of the system. Staff
and patients have rights of access to their own health and personnel
records but this should only be done according to the guidance
of the Data Protection Act 1998 (see Appendix 2). The Health
Records Manager or Practice Manager within each organisation
will be able to provide details. |
| 3.3 |
What is meant by the transfer of personal identifiable
information? |
|
The transfer of personal identifiable
information, by whatever means, can be as simple as: |
|
taking a document
and giving it to a colleague
making a telephone call
sending a fax
passing information held on computer |
|
In all cases, however simple
or complicated, the Caldicott Principles must be adhered to,
in order to ensure that personal identifiable information is
not disclosed inappropriately. |
|
