The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after.
As part of our role in supporting the sector, the ICO’s good practice team carries out audits and advisory visits across a broad range of health organisations.
The resources below are based on those experiences. They are practical tools that data protection officers, records managers and information governance specialists can use to help educate colleagues on how to ensure they are operating in line with the Data Protection Act.
We’ll be running through several modules over the coming year, each focusing on a different aspect of data protection law.
First up is records management. Whether at large NHS hospitals or small private dentists, we often see ineffective logging, tracking or movement of manual records.
Those breaches can lead to ICO investigations. We have produced a blog which looks at some of the basic records management mistakes we’ve seen, from care home records found in a derelict garage to patient records left behind after a Trust moved premises.
ICO Good Practice Group Manager Leanne Doherty said:
“Unfortunately, our audits showed a worrying trend of health organisations failing to properly manage the records they held.
“The people we speak to want to get this right. We’ve seen first-hand the professionalism and commitment of people working in information governance in this sector, and we know some of the challenges they face. We’ve looked to create resources that offer them practical support and give them the tools to improve people’s approach to records management in their organisations.”
The resources below are focused on addressing the specific shortfalls we’ve seen.
Not sure where to start?
The ICO’s toolkit helps you to assess your compliance with the Data Protection Act and find out what you need to do. There’s a dedicated records management section, with guidance and links to further reading on:
- Developing records management policy and procedures
- Records inventories
- Tracking and off-site storage
- Security and disposal of data
- Business continuity