Our objectives
are to meet the principles laid out in the Caldicott
Report.
Doctor Murray is
the Caldicott Guardian for Small
Heath Medical Practice
The Guardian oversees
the protocols of our practice that governs the disclosure of
patient-identifiable information to other organisations, the Guardian is also
responsible for ensuring that all routine flows of patient-identifiable
information to and from organisations have been identified, mapped and proven
necessary.
Dr Murray is
responsible for ensuring that the use of patient identifiable information is
effectively governed by appropriate national and locally agreed protocols on
patient confidentiality.
Every GP Practice
in
Principle 1 - Justify purposes(s) – Individuals, departments and organisations must justify the
purpose(s) for which information is required.
This includes justifying the purposes to the public for specific
patients as well as to the Caldicott Guardians within
each organisation. Every proposed use or
transfer of patient-identifiable information within or from an organisation
should be clearly defined and scrutinised, with continuing uses regularly
reviewed by an appropriate guardian within the practice.
Principle 2 - Don’t use patient-Identifiable information unless it is
absolutely necessary This means
assessing information flows and uses and ensuring that patient identifiable
information is removed unless a genuine case can be made for its inclusion and
there is no alternative.
Principle 3 – Use the minimum necessary patient-identifiable information
Where use of patient-identifiable information is
considered to be essential, each individual item of information should be
justified with the aim of reducing identifiability. This includes the use of the NHS number
rather than any other identifier where possible.
Principle 4 - Access to patient-identifiable information should be on a
strict need to know basis Only those individuals who
need access to patient-identifiable information should have access to it, and
they should only have access to the information items that they need to see.
Principle 5 – Everyone should be aware of their responsibilities Action should be taken to ensure that those handling
patient-identifiable information – both clinical and non-clinical staff are
aware of their responsibilities and obligations to respect patient
confidentiality.
Principle 6 - Understand and comply with the law The most relevant and important of which are the Data Protection
Act 1998, The Access
to Medical Reports Act 1988 and the Police and
Criminal Evidence Act 1984. There
are also other sets of statutory guidance that must be considered such as the NHS IM&T Security Manual
(pdf file) and “For the Record” (which I could find
no internet link for) detailing retention periods for records.
Every
use of patient-identifiable information must be lawful.