CONFIDENTIALITY POLICY

CONFIDENTIALITY POLICY

The reasons for the Policy:

  • All information about the organisation (in particular patient data) is confidential, whether held electronically or in hard copy
  • other information about Ghosh Medical Ltd (for example its financial matters) is confidential
  • staff will of necessity have access to such confidential information from time to time.

2. RELEVANT CQC FUNDAMENTAL STANDARD/H+SC ACT REGULATION (2014)

  • Regulation 10: “Dignity and Respect”.

3. APPLICABILITY

The policy applies to all employees and contractors engaged by Ghosh Medical Ltd (collectively referred to herein as ‘members of staff’).


4. POLICY

  • Members of staff must not under any circumstances disclose patient information to anyone outside Ghosh Medical Ltd , except to other health professionals on a need-to-know basis, or where the patient has provided written consent, or for some other legal reason (e.g. Court Order regarding disclosure).
  • All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the clinic or being registered with the organisation.
  • Members of staff must not under any circumstances disclose other confidential information about the company to anyone outside Ghosh Medical Ltd unless with the express consent of the CQC Registered Manager or representative.
  • Members of staff should limit any discussion about confidential information only to those who need to know within Ghosh Medical Ltd . 
  • The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. 
  • All patients can expect that their personal information will not be disclosed without their permission (except in the most exceptional circumstances when disclosure is required when somebody is at grave risk of serious harm).
  • Electronic transfer of any confidential information must be encrypted.  Members of staff must take particular care that confidential information is not transmitted in error by email or over the Internet.
  • Members of staff must not take data from the organisation’s computer systems (e.g. on a memory stick or removable drive) off the premises unless authorised to do so.
  • Members of staff who suspect a breach of confidentiality must inform the CQC Registered Manager or representative immediately.
  • Any breach of confidentiality will be considered as a serious disciplinary offence and may lead to dismissal.
  • Members of staff remain bound by the requirement to keep information confidential even if they are no longer employed at Ghosh Medical Ltd.
  • Any breach, or suspected breach, of confidentiality after the worker has left Ghosh Medical Ltd ’s employment will be passed to Ghosh Medical Ltd ’s lawyers for action.
  • Any patient wishing to have access to their own records will be treated in accordance with statutory requirements.

5. RESPONSIBILITIES OF MEMBERS OF STAFF

All health professionals must follow their professional codes of practice and the law. This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or any agency without the express permission of that patient, except when this is essential for providing care or necessary to protect somebody’s health, safety or well-being.

All health professionals are individually accountable for their own actions. They should, however, also work together as a team to ensure that standards of confidentiality are upheld, and that improper disclosures are avoided.

Additionally, the Company:

  • is responsible for ensuring that everybody employed or engaged by Ghosh Medical Ltd understands the need for, and maintains, confidentiality.
  • has overall responsibility for ensuring that systems and mechanisms are in place to protect confidentiality.

Standards of confidentiality apply to all staff who are bound by contracts of employment or Contracts For Service  to maintain confidentiality. They must not reveal, to anybody outside the organisation, personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent. Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient unless to do so is necessary for the patient’s care.  These requirements will be conveyed to all staff as part of their induction when first joining the organisation.


6. If Disclosure TO THIRD PARTIES is Necessary

If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional can take advice from the CQC Registered Manager or representative, and/or from a professional / regulatory / defence body, in order to decide whether disclosure without consent is justified to protect the patient or another person. If a decision is taken to disclose, the patient should always be informed before disclosure is made, unless to do so could be dangerous. 

Any decision to disclose information to protect health, safety or well-being will be based on the degree of current or potential harm, not the age of the patient. 

In addition, there may be instances where disclosure is necessitated by reason of legal process (e.g. Court Order).  In addition, on occasions the Police may approach Ghosh Medical Ltd for information about a patient e.g. in case of serious crime.  Such situations will call for careful judgement, and will normally need to be subject to confirmation by a Director. Medical staff involved will also be well advised to consult their professional indemnity organisation in advance of any disclosure.


7. CONFIDENTIALITY GUIDELINES FOR MEMBERS OF STAFF 

  • Be aware that careless talk can lead to a breach of confidentiality – discuss your work only with authorised personnel, preferably in private.
  • Always keep confidential documents away from prying eyes.
  • Verbal reporting about patients should be carried out in private. If this is not possible, it should be delivered in a volume such that it can only be heard by those for whom it is intended.
  • When asking for confidential information in circumstances where the conversation can be overheard by others, conduct the interview in as quiet and discreet a manner as possible and preferably find somewhere private for the discussion.
  • Information should be given over the telephone only to the patient or, in the case of children, to their parent or guardian.  Precautions should be taken to prevent the conversation being overheard. Care must be taken to ensure that the duty of confidentiality to a minor is not breached, even to a parent.
  • The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person.
  • When using computers, unauthorised access should be prevented by password protection and physical security such as locking the doors when offices are left unattended.  Where possible, VDU screens should be positioned so that they are visible only to the user.  Unwanted paper records should be disposed of safely by shredding on site and computer files on hard or floppy disks should be wiped clean when no longer required.
  • If unsure about authorisation to disclose, or a person’s authorisation to receive confidential information, always seek authorisation from the CQC Registered Manager or representative before disclosing any personal health information.

by Dr Arun Ghosh

            

  STAFF PORTAL
  FRANCHISE OPPORTUNITIES