Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

transmitting patient identifiable information

advertisement 
Factsheet
13
West Midlands Cervical Screening Programme
Transmitting Patient Identifiable Information:
West Midlands QA Reference Centre Guidance
Patient identifiable information would be information such as:
 name
 address
 full postcode
Partial identifiers are:
 date of birth
 NHS number / hospital number / radiotherapy number / screening unit number /
lab number
 national GP or consultant code
 detailed visual maps showing location of cases
Information should be regarded as potentially identifiable in cases such as:
 data where the denominator population is less than 1000
 data where the number of cases is less than 5
 individual level data (even if the fields requested are not directly identifiable)
Email
Patient identifiable information can be emailed without encryption or file passwords, as long as
both the sender and recipient(s) have an NHS Mail account (end with @nhs.net). If only one has
an NHS Mail account, the security reassurance is lost.
What people would therefore have to do if using this method is check the contacts within NHS Mail
to determine whether the intended recipient has an existing @nhs.net address. Click on the
‘Contacts’ tab and search the directory on the right. If not, a request would need to be made that
they register themselves for one. If people have been asked to set up an account specifically for
this reason, it should be assumed that they will not check for emails on a daily basis. An email
should therefore be sent to their usual work address, informing them to check their NHS Mail
account.
Any NHS employee can set up an account on NHS Mail.
www.nhs.net
•
•
•
•
•
•
•
•
•
This is done by logging onto
Click ‘Register here’
Agree to the terms & conditions
Search for yourself in the Self Registration section, by entering your last name and first
name
You should hopefully appear as a result, with your organisation listed correctly
Select yourself and click ‘Register Me’
A selection of appropriate email addresses will be displayed. Choose your preferred option
Enter your chosen password
Enter three security questions and answers
Click ‘Register’
Once set up, your username is the part of your email address before @nhs.net
West Midlands Cervical Screening QA Reference Centre
Factsheet13 Transmitting patient identifiable data
Last Updated: 13/07/2009
Page 1 of 4
Passwords need to be changed every 90 days for the account to remain active.
NHS Mail account inboxes can be accessed from anywhere with internet connections. Additional
security questions are asked if connecting from outside of an NHS network.
Recipients should always be asked to acknowledge receipt of the email.
Note: Please ensure that the email address you use when sending information via NHS Mail is
correct and is for the correct person.
Also, the guidance currently is that attachments sent between @nhs.net accounts do not need to
be PGP encrypted. However, this is discretional. You can of course choose to encrypt attached
files should you wish to do so, to add extra security should the email address be incorrect. It may
also be advisable to put any identifiable information in an attachment rather than the main body of
the text, even if this is just a couple of lines.
Access databases can not be sent as an attachment via NHS Mail.
Files can still be emailed either from or to a non NHS Mail account, as long as the data is
encrypted using 256-bit key Advanced Encryption Standard (AES) software such as PGP® (which
stands for Pretty Good Privacy) or Utimaco’s SafeGuard® Private, which is more secure than just
simply password protecting a file. It is however only as good as the password used! Therefore a
passphrase, rather than password, should be used. Passphrases should be at least 10 characters
long and contain a mixture of numbers and letters. An example passphrase would be
myb1gyell0wcat. The text of the email can’t contain any patient identifiable information. All
confidential information must be within an attachment.
Not all NHS Trusts are registered with NHS Mail, so not everyone can have access to an @nhs.net
address.
Note: When a document is PGP encrypted, the file extension becomes .exe which a lot of systems
do not allow to pass through their firewall. The way around this is to change the extension from
.exe to .txt (text). The recipient will then need to change it back to .exe once they have saved the
document onto their network. Should this fail to work, the document cannot be emailed and will
have to be sent through the post (see section on Post).
Post
When distributing identifiable information (directly or partial) by post all files need to be encrypted
using PGP.
Recipients should be asked to call or email the sender on receipt for the passphrase.
passphrase should never be sent in the same package as the file.
The
Where it is required, paper copies of documents containing patient identifiable information can be
sent by post, as long as the package is double wrapped (in two envelopes) with ‘Private &
Confidential’ and ‘Addressee Only’ stamped on the front. It is advisable to request receipt of the
package.
Fax
Faxing confidential information is discouraged, unless the destination fax machine is known to be a
designated safe haven fax (i.e. in a secure location and not accessible to non-authorised
individuals).
Before a fax is sent:
West Midlands Cervical Screening QA Reference Centre
Factsheet13 Transmitting patient identifiable data
Last Updated: 13/07/2009
Page 2 of 4
•
•
•
•
•
the intended recipient should be phoned to inform them that confidential information is on
its way
ask them to acknowledge the receipt of the fax
check the fax number
use pre-programmed fax numbers where possible
use a cover sheet, stating “Private & Confidential”
Patient identifiable data should be saved onto the network and must NEVER be saved onto an
individual PC’s hard drive. Any emailed files should be deleted from the mailboxes as soon as
possible.
REMEMBER:
ONLY GIVE OUT CONFIDENTIAL INFORMATION, IF IT IS REALLY NECESSARY
West Midlands Cervical Screening QA Reference Centre
Factsheet13 Transmitting patient identifiable data
Last Updated: 13/07/2009
Page 3 of 4
PGP
PGP only needs to be installed to encrypt files, you do not need to install if you are receiving files
as it is self decrypting.
To install: (this will need require administrator access)
•
•
•
•
•
•
•
•
•
•
•
•
Download from www.PGP.com/Products/Freeware.html
Save to your PC usually in program files
Open zip file
Open PGP.exe
Accept User Licence
May want to click browse – check where its going suggest program files
Unclick all
Click next
Start
Later
Cancel key generations
Restart your PC
To Use:
•
•
•
•
•
•
Right click on file
Select create SDA
Unclick hide password
Type password
Type again
Done
Decrypting files:
•
•
•
•
Double click the encrypted file (it will end .sda.exe)
A dialogue window appears. Click ‘Browse…’ to select where you want to save the file onto
the network (remember not to save it to your hard drive)
In the box below, enter the passphrase
Click ‘OK’. You should then be able to access the file as normal
West Midlands Cervical Screening QA Reference Centre
Factsheet13 Transmitting patient identifiable data
Last Updated: 13/07/2009
Page 4 of 4
Related documents
National Honor Society 20142015 Essay Prompt (Pick one) 1. What
National Honor Society 20142015 Essay Prompt (Pick one) 1. What
Breast feeding rates by age (weeks): children born in 2003
Breast feeding rates by age (weeks): children born in 2003
Innovation Hub Presentation
Innovation Hub Presentation
Helen Suddes – Talent for Care
Helen Suddes – Talent for Care
Download
advertisement