he organisation is committed to security of patient and staff records.
The organisation will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally complaint. This will include training on Confidentiality issues, DPA principles, working security procedures and the application of best practice in the workplace.
The organisation will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
The organisation will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance
DPA issues will form part of the organisation’s general procedures for the management of risk
Specific instructions will be documented with confidentiality and security instructions and will be promoted to all staff.