Within the health sector, we have to follow the Common Law Duty of Confidentiality, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. The NHS Care Record Guarantee and the NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.
Everyone working in, or for, the NHS Dorset CCG must use personal information in a secure and confidential way. We are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All CCG staff, contractors and Governing Body members are mandated to attend annual training to ensure they are aware of their personal responsibilities and contractual obligations to uphold confidentiality. This is monitored by the CCG and can be enforced through disciplinary procedures. We ensure that any external companies who support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We also ensure that the information we hold is kept in secure locations, and restrict access to information to authorised personnel only. We use administrative and technical controls to do this. We protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.
The CCG has a Director responsible for protecting the confidentiality of patient information, called the Caldicott Guardian. This role is carried out by the Director of Nursing and Quality who can be contacted by emailing firstname.lastname@example.org or by telephoning 01305 368070.