In order to ensure confidentiality, we take the following measures:
- All staff employment contracts contain a confidentiality clause.
- Access to personal data is on a “need to know” basis only. Access to information is monitored and breaches of security will be dealt with swiftly by the Practice Director, Mr Phillips.
- We ensure that personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required. Where a person ceases to be a patient of the practice, we keep patient records for at least 11 years or until the patient is aged 25 – whichever is the longer. We will retain them for no longer than 30 years, in accordance with current Department of Health guidance on records management – Code of Practice Part 2, Annex D1 2009 (policy updated 16.9.2016).
For further information, please refer to our Confidentiality Policy.
physical security measures
In order to ensure that data we hold (whether on paper records or on computer) remains physically secure, we observe the following rules:
Personal data may only be taken away from the practice premises at Malt Mill Lane in exceptional circumstances and with authorisation from the Practice Director, Neil Phillips. If personal data is ever taken off practice premises, it must never be left unattended in a car or public place.
Patient records are now stored on computer. The only patient information retained on paper are the medical history forms, which are retained to allow re-signing on subsequent visits, and original incoming correspondence (eg letters), which must be retained for medico-legal reasons notwithstanding that this is also scanned into the computerised records. Lockable cabinets are provided in reception to store these. Correspondence and patient information in the office is stored in a locked filing cabinet out of office hours. Archived records are stored in the practice loft, which is only accessible by ladder through the office, which is itself kept locked when not in use. This makes our remaining paper records inaccessible to patients or other visitors to the practice premises.
- The computer screen at reception has been fitted with a special polarised privacy filter that makes it impossible for anyone to see what is displayed on the screen unless they are positioned directly in front of it (like the operator/receptionist). This means that patients cannot see others’ information by leaning over the desk.
The practice premises are secured when not in use. All doors have at least two locks or bolts. Locks are re-keyed at regular intervals following changes of keyholder staff. The practice windows also have security locks. The practice also has a comprehensive 10-zone security and fire alarm system, which is linked to a remote monitoring service that automatically summons keyholders, the police or the fire brigade, as appropriate, in the event of an intrusion or fire.
The practice has a business continuity plan in place which will be implemented in case of a disaster (eg fire, flood, earthquake, tsunami, hurricane), which includes procedures for protecting and restoring personal data.
When physical patient records are destroyed, this is done in a secure fashion: written records, correspondence, photographs, x-ray films and mounts are shredded using a cross-cut shredder for maximum security. This may also be sub-contracted to a suitable confidential waste contractor such as Devon Contract Waste.
information held on computer
Information held on computer requires particular precautions. We follow these procedures to protect it:
The practice uses passwords to protect computerised records. These are known only to the people who require access to the information. Staff are instructed never to write down passwords.
Team members using computers are given training in how to avoid unintentional deletion or corruption of information.
Computer system users are granted access to system functions only where they are strictly necessary to perform the particular functions of their job. Administrative functions are reserved to the Practice Director only, reducing the risk of accidental alterations to system settings that may result in data corruption.
Specialist dental computer software used for maintaining clinical records has a full audit trail facility to prevent the overwriting or erasure of data. The software records details of any amendments made to data, who made them and when.
The practice computer system is protected by antivirus/anti-malware, boundary firewall and individual machine firewall systems in order to minimise the risk of unauthorised access, data corruption or data loss. These are updated automatically in real time and are also checked on a monthly basis by our IT support company to ensure the software and the definitions it uses are the most recent versions (refer to Testing, Maintenance, Audit & Compliance Schedule).
The practice computers’ operating system software is updated in real time and double-checked every month by our IT support company (refer to Testing, Maintenance, Audit & Compliance Schedule) so as to minimise system vulnerability to viruses, trojans and other malware and to reduce the risk of unauthorised access, data corruption or data loss.
We operate several systems of backups and redundancy to ensure that data is not lost: (i) the server operates mirrored hard-drives so that all data is simultaneously stored in real time on two separate hard drive units in case one should fail; (ii) the server contains a third hard drive that automatically makes a daily cumulative backup of all clinical data; (iii) all clinical data stored on the server is copied to the office computer every night using a network backup system; (iv) we operate an automated, encrypted daily “cloud” backup that copies all critical data (both patient and administrative records) to a remote server which is located in London.
- We have an agreement in place with our cloud backup services provider to ensure that all our obligations in this policy are fulfilled and that all information is secure.
Loss of information
Any loss, damage to or unauthorised disclosure of information must be reported immediately to the Practice Director, Neil Phillips.
Web version 7: 23.5.2018 (reviewed 11.11.2018)
Previous web versions: 31.12.2010 (reviewed 25.1.2012); 15.3.2012; 12.3.2013; 19.6.2014 (reviewed 5.6.2015); 3.8.2016; 1.9.2017