Confidentiality

Data Protection Act and the Caldicott Data Sharing Principles.

We are registered with the Information Commissioner's Office.
Our Data Controller is Colonel A de P Gauvain.
Our Registration number is Z2034744.

We operate in accordance with the Data Protection Act and Caldicott Data Sharing Principles as follows:

Data Protection Act:

1. We tell people what we are doing with their data
People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.

2. We make sure our staff are adequately trained
New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.

3. We use strong passwords
There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.

4. We encrypt all portable devices
Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.

5. We only keep people's information for as long as necessary
Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.

Caldicott Data Sharing Principles:

1. We justify the purpose(s)
Every single proposed use or transfer of patient identifiable information within or from an organisation is clearly defined and scrutinised, with continuing uses regularly reviewed.

2. We don't use patient identifiable information unless it is necessary.
Patient identifiable information items are not included unless they are essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

3. We use the minimum necessary patient-identifiable information.
Where use of patient identifiable information is considered to be essential, the inclusion of each individual item of information is considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.

4. We ensure access to patient identifiable information is on a strict need-to-know basis.
Only those individuals who need access to patient identifiable information have access to it, and they only have access to the information items that they need to see. This requires access controls and splitting information flows where one information flow is used for several purposes.

5. We ensure everyone with access to patient identifiable information is aware of their responsibilities.
Those handling patient identifiable information - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.

6. We understand and comply with the law
Every use of patient identifiable information is lawful and complies with legal requirements.

7. We recognise that the duty to share information can be as important as the duty to protect patient confidentiality.
In the patient's interest we share information within this framework.

Our Therapists are governed by the ethics policy of Human Givens.