How care homes can ensure the security and privacy of residents’ personal information
For a care home, keeping residents’ personal and medical information confidential is not only ethically right but also a requirement under law. The Data Protection Act stipulates exactly what can and cannot be done with private data.
A care home keeps a multitude of personal information, ranging from names and previous addresses to clients’ financial details and medical records. It’s much more data than you might imagine.
The Department of Health produces the following information in relation to the scope of the Data Protection Act:
- The Act defines personal data as that which relates to a living individual who can be identified:
  - from that data or
  - from that data and any other information which is in the possession of, or likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any intentions of the data controller or any other person in respect of the individual.
- Data is defined as information which is:
  - processed automatically or recorded with the intention to process automatically or
  - recorded as, or with the intention that it be, part of a manual “relevant filing system” which is further defined in the Act or
  - contained in a health, educational or social services record.
- A health record for the purposes of the Act is one which relates to the physical or mental health of an individual which has been made by or on behalf of a health professional in connection with the care of that individual.
- Thus with the exception of anonymised information most if not all NHS information concerning patients, whether held electronically or on paper, will fall within the scope of the Act. The inclusion of manual or paper based records within the scope of the Act is one of the major changes from the 1984 Act.
As you can see, this covers just about all aspects of a care home’s client base.
It pays to be secure – or more pointedly, it costs to be lax
The penalties for not adhering to the Data Protection Act are severe. Companies are supposed to keep their clients’ data secure, and if they fail to do so they are hit hard financially. Fines of £80-120K are not in any way unusual. What is more, it is not difficult to break the Act. In the healthcare field, one prosecution followed from an employee looking at her sister-in-law’s medical record to see what medication was being supplied.
Just imagine that this was your care home. You keep your records in a filing cabinet or on a shared access file on a computer server and one of the employees – with best intentions – divulges something they shouldn’t. It’s easy to do and extremely costly financially and in terms of the reputation of a nursing home.
What can you do to ensure you’re being compliant?
Using a document management system is the answer. You control the data, you control the security access and you can safely manage the risk. A document management system will let you relax and remain comfortably within the law. All access to the system has electronic signatures. This not only verifies the authenticity of the document, but will also only allow the user to get the information they are cleared to get. Only certain members of staff that you authorise will be able to print documents, leaving you safe in the knowledge that inappropriate documents that should remain confidential won’t be left lying around to be read by relatives, or worse, by people not related to the client. Not only would that be embarrassing, it would be a breach of the Data Protection Act, so could prove very costly to your business.
There are other major advantages to this system, in that document management software enables you to manage your business-critical information. You can search, retrieve, view and distribute documents instantly. You can capture, organise and access any content and design automated workflows that will streamline your business. So your data will be secured and accessed as it should be, and, additionally, you will be more efficient.
So the choice is obvious. Using a document management system complies with both the letter and spirit of data protection. It gives you the control you need to ensure your staff aren’t leaving you liable as a result of their actions, no matter how well intentioned. And if you think it won’t happen to you, just check out the prosecutions and lists of fines on the Information Commissioner’s Office website:
http://www.ico.gov.uk/what_we_cover/taking_action/dp_pecr.aspx.
You’ll soon see how much not implementing a secure document management system will cost and just how easy it is to fail to comply.
