Information and I.T. Security Toolkit for GMPs
Physical and Environmental Security
GUIDANCE FOR THE STORAGE, TRANSMISSION AND TRANSPORTATION OF
PATIENT / PERSON IDENTIFIABLE INFORMATION (PII) FOR GENERAL
MEDICAL PRACTICES V2
Note: Adaptation of “LHB Procedures for the removal, transportation and off site storage
of patient or person identifiable information” (Produced by BSC/Gwynedd LHB)
NHS Wales Informatics Service
Issue C
Date Created: 06/092007
Contents
1 Introduction
2 Background
3 Removal of patient/personal information (from the practice)
4 Transportation of Patient/Person Identifiable information
5 Taking information home
6 Computer Security
Appendix 1 - Risk Assessment Form
Appendix 2 - Authorisation Form
1 Introduction
1.1 There are inherent risks associated with the requirement to take patient or
person identifiable information away from the practice. This document has been
developed with the aim of providing guidance for General Medical Practices.
1.2 This document aims to raise awareness amongst practice staff (clinicians and
administration), ensuring they do not breach the requirements of the Data
Protection Act 1998 or the Caldicott Report guidance. There is existing good
practice that needs to be adhered to including the International Standard for
Information Security (ISO2700), the Information Security Management System
(ISMS) and Health Board guidance. Additional guidance on protecting information is
also available from the General Medical Committee website.
http://www.gmc-uk.org/guidance/current/library/confidentiality.asp
1.3 Patient or person identifiable information is information that can identify any
individual by name, number or a combination of items (staff records would also be
included under this definition), and exists in paper or electronic form.
1.4 Any information which can identify an individual must only be removed from the
practice if there is a justified purpose for doing so.
1.5 If there are any issues regarding these procedures they should be immediately
discussed with the IM&T Security Officer, Practice Manager or the Caldicott
Guardian.
2 Background
ISO27001 ‘Information can be vulnerable to unauthorised access, misuse
or corruption during physical transport’
2.1 The Information Commissioner’s Office states that “personal information, which
is stored, transmitted or processed in information, communication and
infrastructures should also be managed and protected in accordance with the
organisation’s security policy and using best practice methodologies such as
ISO27001”. Therefore, every effort must be made to safeguard this information for
the protection of the data subject, the individual and for the practice itself.
2.2 These procedures aim to highlight and suggest ways of improving the security
and confidentiality of transporting sensitive information, regardless of the medium,
to prevent data loss.
3 Removal of patient/personal information (from the practice)
3.1 If a member of staff (including clinicians & administration staff) is required to
take patient or person identifiable information off site as part of their role, the
practice Caldicott Guardian must be informed along with the IM&T Security
Officer/Practice Manager. A Risk Assessment Form (appendix 1) must be completed
by the member of staff in conjunction with the IM&T Security Officer/Practice
Manager.
3.2 An assessment of the risks involved will then be carried out and
recommendations may be made to the member of staff if appropriate.
3.3 Once the member of staff & IM&T Security Officer/Practice Manager are
satisfied that the procedures are workable and will comply with current policy, an
Authorisation Form (appendix 2) will be signed and approved by the practice
Caldicott Guardian. A copy will be kept by the IM&T Security Officer/Practice
Manager and a copy given to the member of staff.
3.4 If, as part of the role, a member of staff is regularly required to remove patient
or person identifiable information, they must state this on the Risk Assessment
Form (Appendix 1 - Question 3) and the authorisation will continue until such time
as the termination of the current post or a change in role. However, this will be
subject to regular review by the Caldicott Guardian.
3.5 If the need to take patient or person identifiable information away from the
practice is for an isolated reason, this should be stated on the Risk Assessment
Form (Appendix 1 – Question 2). If at any time in the future the need arises again,
the same process will need to be repeated.
4 Transportation of Patient/Person Identifiable information
4.1 Any paper, including medical records, taken off site must be logged. The log
should contain the date, details of information, reason for removal, where the
information is being taken and estimated date of return. This is essential to ensure
appropriate audit measures are in place and records can be traced at all times.
4.2 When transferring information electronically, it must be considered that it is on a
need-to-know basis and only the relevant files should be copied. It is easy to
inadvertently copy entire folders, particularly when synchronising with portable
devices including laptops, PDAs or USB storage devices.
4.3 All records must always be transported in a secure way by the use of locked
boxes or locked briefcases, and should be kept with the member of staff at all
times.
4.4 All records, including medical records, transported within a vehicle should not be
visible to the general public. All equipment that records any confidential information
should be carried in a locked container and locked in the boot of the vehicle. This
also applies to portable devices including laptops, PDAs and USB storage devices.
4.5 Patient or person identifiable information must not be stored on portable
devices, such as a CD, floppy disk, USB storage device or laptop, unless it is
absolutely essential. If it is deemed to be essential, then the device must be
approved by the practice and must be encrypted.
4.6 When transporting more than one record, only the relevant record should be
taken into the patient’s home/nursing home etc. All other records must be left in a
locked container in the locked boot of the vehicle. All due care must be taken to
ensure that the record remains complete at all times and is returned in its entirety
when no longer required.
4.7 Paper, including medical records, should be returned when no longer needed.
Their return should be logged, signed and dated by the
member of staff. When summaries are provided to carry out ‘house’ calls, these
should be handed back into the practice to update the computer record and the
paper summary should be shredded.
4.8 Personal items such as diaries may contain confidential information that may
include details of home visits. Staff members are reminded to carry these securely
at all times; such items should not include information that may identify a patient.
4.9 The BSC courier service must be used to internally transport both live and
deceased patient paper records routinely requested by the BSC.
4.10 Copies of paper health records being sent outside the remit of the BSC courier
service must be sent via special delivery.
4.11 The ‘Government Mail - Regional Plus’ service must be used to transport any
portable media containing Patient Identifiable Information such as memory sticks,
CDs and DVDs. Additionally the media must be encrypted and approved by the
practice.
5 Taking information home
5.1 It should be noted that any applicable practice IM&T Security Policies and
procedures will apply wherever the information is located, and should be adhered to
at all times.
5.2 Staff must not take medical records or any confidential information home
overnight.
5.3 If a staff member is required to take confidential information home for the day,
a locked container and all other items containing confidential information, including
laptops, files and PDAs, should be locked away in the home and not left in the car
overnight.
5.4 Staff must ensure that the information is not accessible by any other
members of the household (including family, friends, and neighbours) even if these
people are employees of the same organisation.
5.5 Under no circumstances should any family member be allowed to access a
laptop owned by the Practice. This will reduce the risk of accidental incidents
including the loading of illegal software, inappropriate internet access or viewing of
confidential, restricted information.
5.6 Information must not be emailed to, or recorded on, any home PC as there are
numerous issues regarding IT security. If an employee needs to work at home they
should always be provided with the relevant equipment (including secure remote
access tokens if connecting to the network) and access permissions as agreed by
the Practice.
5.7 PDAs and laptops should be connected to the network at least once a week to
enable synchronisation and updating, so that all information recorded is
updated to the main Practice network.
6 Computer Security
6.1 The requirements for securing patient, person identifiable or business sensitive
information in computer systems are detailed in the Practice IM&T Security Policy,
within ISMS.
Appendix 1: Risk Assessment Form
(Working with Person/Patient Identifiable Information (PII) off site)
About you
Full Name
Post Title
Identifiable Information Type (Tick): Patient / Personal
Please tick ONLY the white boxes below that apply
Tick
1. Have you signed a Staff Confidentiality & Security Agreement?
2. Does your role require you to take patient or personal identifiable information off site on a: ‘One off Basis’
3. Does your role require you to take patient or personal identifiable information off site on a: ‘Regular Basis’
About the PII
Risk: Low / Med / High
4. Original paper documents/records are being used
5. Copies of documents/records are being used
6. Files will be copied onto a Laptop/PC with up-to-date Antivirus, Internet Security, firewall and password protected
7. Files will be password protected on Floppy/CD/DVD disc/USB stick
8. PII will be sent by Email outside of NHS net (Wales)
9. The Caldicott Guardian has signed off the process
10. The minimum and relevant information is being taken offsite
About transporting the Person Identifiable Information
High / Med / Low
11. You have a locked container to carry the records/media in
About your Home-working arrangements
Med
12. You have a lockable secure location for overnight storage
13. You have no other members in your household
14. You have other adults in your household
15. You have children in your household
16. In a discrete room with restricted access to others
17. You will be producing documents containing PII
18. If a laptop is to be used between home and the Practice, it is encrypted to the level agreed by the Health Board.
19. You will be working on a secure home PC/laptop only you can access
20. You will be working on an unsecured home PC/laptop
21. If a wireless broadband connection is to be used, it is encrypted and password protected to prevent use by others who may be able to access the broadband
Low
Low
High
High
Low
Med
Low
Med
High
Low
Low
High
High
Med
Appendix 2: Authorisation Form
Part 2 – Authorisation Form
Practice
Member of Staff
Post Title
IM&T Security Officer/Practice Manager:
I have undertaken a risk assessment with the above member of staff and can confirm
that the Practice has taken the necessary action to ensure that the member of staff is
able to adhere to the procedures for the transportation and off site storage of Patient or
Person Identifiable Information:-
Signature:
Date:
Member of Staff:
I have read and agree to abide by the procedures for the transportation and off site
storage of Patient or Person Identifiable Information:-
Signature:
Date:
Caldicott Guardian & IM&T Security Officer/Practice Manager:
I can confirm that it is necessary for the above member of staff to remove the
information as outlined in Part 1 – Request Form and hereby grant authorisation:-
Signature:
Date: