Safe Haven Policy IG006 1016 v2.0 Page 1 of 15

SAFE HAVEN POLICY

(IG006)

Version: 2

Version Superseded: 1

Ratified/ Signed off by: Information Governance Group

Date ratified/ Signed off: 18/10/2016

Name and designation of Lead Policy Author: Martin Vitty, Head of Information Governance

Name of responsible Committee / Individual: Information Governance Group

Name of Executive Lead Phil Bradley, Director of Finance & Senior Information Risk Owner

Date issued: October 2016

Next Review date: 2 years from date issued or earlier at discretion of

the Executive Lead or Author

Type of procedural document eg, HR, IG, Clinical, etc:

IG

Document applicable to, eg all staff, or all clinical, or all admin, etc:

All Hertfordshire Community Trust (HCT) Staff.

Brief synopsis of document:

This document outlines the ‘Safe Haven’ procedure for sending confidential information both internally and externally and by post, email, fax and telephone.

Safe Haven Policy IG006 1016 v2.0 Page 2 of 28

Safe Haven Policy (IG006)

Other policies that this policy

should be read in conjunction

with:

Information Governance

Policy

Confidentiality Code of

Conduct

Specific training info for staff:

The policy is available for reference for all staff. Further

guidance can be obtained from the Head of Information

Governance.

Scope / Statement / Purpose: This policy and the notes attached as Appendices, which define a code of conduct, seek to give direction to staff. General Procedure guidance:

The policy sets out the main requirements for the safe

transfer of patient confidential information within

Hertfordshire Community NHS Trust and externally to

ensure that it is effectively and lawfully managed.

Specific procedure for individual groups:

Procedures detailed in the policy apply equally to all

Business Units, services and teams.

Key Component / Main content

of the Policy:

Detailed process for safe & legal transfer of patient confidential information.

a definition of Safe Haven, patient/client identifiable information;

essential requirements for the management of patient/client identifiable;

information guidance as to when to use the principles set out in this document;

rules around access and disclosure of patient/client identifiable information;

legislation and guidance which dictates the need for a Safe Haven Procedure;

Rules around the different types of Safe Haven routes.

Specific info for equipment:

N/A

Governance & Escalation:

Issues should in the first instance be escalated to the

Head of Information Governance.

Version: 2

Lead Author: Martin Vitty

Exec Director: Phil Bradley

Who is this document is applicable to: All

staff working for or on behalf of HCT

Date Ratified: 18/10/2016

Safe Haven Policy IG006 1016 v2.0 Page 3 of 28

Contents

1. Introduction ...................................................................................................................................... 4

2. Document Intention ......................................................................................................................... 4

3. Explanation of Terms and Definitions ............................................................................................. 4

4. Ownership, Roles and Responsibilities ........................................................................................... 6

5. Trust Policy on the Confidentiality of Information 8

5.1 Safe Haven Storage Requirements ....................................................................................................... 7

5.2 Communicating Patient / Client Identifiable Information ..................................................................... 8

5.3 Sending & Receiving via Courier ............................................................................................................ 8

5.4 Communicating by Fax ............................................................................................................................ 9

5.5 Communicating by Post……………………….......………………………………………….……… 11

5.6 Communicating by Telephone……………………………………………………………….….…… 11

5.7 Communicating by Email………………………………………………………………………….….. 12

5.8 Risk Assessments for Information Transfers………………………………..……………………... 13

5.9 Information Flow Mapping ……………………………………….……………………………………14

5.10 Responsibilities………………………………………………………………………………………. 14

6. Implementation and Training ......................................................................................................... 14

7. Monitoring Compliance and Effectiveness of Policy ..................................................................... 14

8. Review and Control Arrangements ............................................................................................... 14

9. Equality Impact Analyses ........................................................................................................... 15

10. References ................................................................................................................................... 15

11. Appendices .................................................................................................................................. 15

Appendix 1: HCT Training Guidance Notes .......................................................................................... 17

Appendix 2: Monitoring Compliance for Policy ..................................................................................... 18

Appendix 3: Policy/ Procedural Document Amendment(s) Template ................................................... 19

Appendix 4: Version Control Table ....................................................................................................... 20

Appendix 5: Equality Impact Analyses Form ........................................................................................ 21

Appendix 6: Best Practice Information Flows……………………………………...………………………..23

Appendix 7: Good Practice - Confidentiality Checklist………….………………………………………… 25

Appendix 8: Guidance on Information Included in Faxes …………………………………………………27

Appendix 9: When to use a fax for the transmission of Patient Identifiable Information……………… 27

Appendix 10: Guidance on Secure Email ………………………………………………………..…………28

Safe Haven Policy IG006 1016 v2.0 Page 4 of 28

1. Introduction

1.1 1.1 Hertfordshire Community NHS Trust (HCT) is committed to promoting a culture that assures the safety of patient, staff and visitors and in ensuring that staff, other workers and other stakeholders are fully aware of HCT objectives and the way staff must operate to achieve the following objectives.

1.2 The objectives of this policy are to:

ensure that patient/client identifiable information is handled in accordance with the Health & Social Care Information Centre (HSCIC) guide to confidentiality, Caldicott Principles, Confidentiality: NHS Code of Practice 2003 and the Cabinet Office Data Handling Requirements;

ensure that the legal obligations of the Data Protection Act 1998 are adhered to;

provide a consistent approach to the way patient/client identifiable information is handled;

meet the requirements of the NHS Information Governance Toolkit;

provide guidance on the correct way to manage patient/client identifiable information

1.3 The Safe Haven concept should be used to ensure good practice for all patient/ client identifiable information received and sent from the Trust.

1.4 This policy provides:

a definition of Safe Haven, patient/client identifiable information;

essential requirements for the management of patient/client identifiable;

information guidance as to when to use the principles set out in this document;

rules around access and disclosure of patient/client identifiable information;

legislation and guidance which dictates the need for a Safe Haven Procedure;

Rules around the different types of Safe Haven routes.

1.5 This policy should be read in conjunction with the following HCT policies, guidelines and documents / forms available via HCT intranet:

Information Governance Policy

1.6 This version supersedes any previous versions of this document.

2. Document Intention

2.1 Policy Statement – The policy sets out to provide Hertfordshire Community NHS Trust (The Trust) with an agreed framework for the transfer and storage of patient/client information and ensure that staff understands the need to comply with the Data Protection Act 1998 and the Caldicott Principles.

2.2 Aims – The Code of Conduct sets out the processes and procedures to be followed when handling confidential information

2.3 Scope – This policy is applicable to all staff working for, or on behalf of, the Trust (HCT) which includes all bank, agency and volunteer staff.

3. Explanation of Terms and Definitions

3.1 Confidential Information

Safe Haven Policy IG006 1016 v2.0 Page 5 of 28

Confidential information for the purposes of this Code includes: (i) Information where there is a “Duty of Confidence”

Personal Information supplied by an individual where there is a “duty of

confidence” ie a reasonable expectation that the information so provided will be kept confidential and will not be disclosed or used other than with the consent of that individual or as a consequence of lawful disclosure. (eg information given to a doctor by a patient).

All staff have a duty of confidence as part of their employment contract and the

duty continues after the death of the individual who provided the information, the resolution or conclusion of a matter for which the information was provided and, in the case of staff, if a member of staff has left the Trust. (ii) Sensitive personal data

Sensitive personal data is defined in the Data

Protection Act 1998. All personal data held and processed must be done so “fairly and lawfully” under the Act but sensitive personal data is subject to more rigorous criteria to justify fair and lawful processing. Sensitive personal data is defined as personal information about: race or ethnic minority; political opinions; religious or similar beliefs, trade union membership, physical or mental condition; sexual preferences; commission or alleged commission of offences or a legal proceeding.

This category also includes sensitive health information e.g. information regarding

in-vitro fertilisation, sexually transmitted diseases, HIV and termination of pregnancy.

3.2 Person-identifiable information Person-identifiable information is information in any form(1) that contains the means to identify a person, e.g. name, address, postcode, date of birth, NHS number, National Insurance number etc. Any data or combination of data and other information, which can indirectly identify the person, will also fall into this definition. This may also include eg information about health condition or healthcare provision. (1) Any form includes electronically held data on computers, disks or USB sticks, written records, emails, visual images (e.g. photographs or film), mobile phones, etc.

3.3 Anonymised Information

This is information which does not identify an individual directly, and which cannot

reasonably be used to determine identity. Anonymisation requires the removal of name, address, full post code and any other detail or combination of details that might support identification.

3.4 Pseudonymised Information

This is similar to anonymised information in that someone in receipt of information

is not able to identify an individual. However it differs in that the original provider of the information may retain a means of identifying individuals. This will often be achieved by attaching codes or other unique references to information so that the data will only be identifiable to those who have access to the key or index. Pseudonymisation allows information about the same individual to be linked in a way that true anonymisation does not.

Safe Haven Policy IG006 1016 v2.0 Page 6 of 28

4. Ownership, Roles and Responsibilities

The generic statement of roles and responsibilities are in line with the HCT (Trust) GR1 1215 V.4. Roles and responsibilities specific to this particular policy are defined below.

4.1 Designated Committee

4.1.1 The Information Governance Group is the Designated Committee for this policy.

4.2 Lead Executive Director

4.2.1 The Director of Finance is the identified Lead Executive Director for this policy and is responsible for:

(i) affirming the Lead Officer and directing them during the course of the development of this policy & procedure (ii) signing off this policy & procedure as approved for circulation and implementation following approval by the Designated Committee (or its delegate) and (iii) overall supervision of the effective development and implementation of this policy/procedure and (iv) reporting to the Chief Executive and Executive Team any significant issues arising from the implementation of this policy & procedure, including evidence of non-compliance arising from the monitoring process, so that remedial action can be undertaken (v) arbitrating on any questions of interpretation arising from this policy & procedure.

4.3 Lead Policy Author (s)

4.3.1 The identified Lead Policy Author for this policy is the Head of Information Governance who is responsible for:

(i) preparing, drafting, consulting on, and steering this policy & procedure through to the approval, signing-off and distribution stage (ii) following the implementation plan, including ensuring that this policy & procedure as approved is circulated and publicised. This shall include as a minimum submitting the policy for posting on the staff intranet (iii) monitoring compliance of this policy & procedure in accordance with Schedule 2 (iv) ensuring that this policy & procedure is reviewed in accordance with the prescribed timescale (v) reporting evidence of non-compliance to the Lead Director (for action) and to the Designated Committee (for assurance purposes). (vi) submitting this policy & procedure to the Policy Administrator for archiving when it is no longer valid

4.4 Line/ Locality Managers/ Heads of Service

4.4.1 General Managers and Assistant Directors and through their line managers as appropriate, are responsible for ensuring that:

(i) this policy & procedure is available and accessible to their staff (ii) their staff are aware of this policy & procedure and understand their

Safe Haven Policy IG006 1016 v2.0 Page 7 of 28

responsibilities (iii) their staff are trained as in accordance with this policy & procedure and as identified under a Training Needs Analysis (iv) their staff comply with this policy & procedure and that any evidence of non-compliance (individually or collectively) is reported to the Lead Officer and Lead Director (v) taking such action to ensure compliance. Action may include: access to training

use of personal development/appraisal process

providing clear instructions and / or briefings to individuals or groups

in extreme cases, use of performance management/disciplinary

procedures.

(vi) their staff co-operate with the Lead Officer in the exercise of their

compliance monitoring function and that any evidence of lack of compliance

for whatever reason is brought to the attention of the Lead Officer.

4.5 All Staff & Persons working on behalf of the Trust

4.5.1 All staff and persons working on behalf of the Trust have a responsibility to:

(i) understand this policy & procedure and their responsibilities

outlined in this section (ii) comply with the provisions of this policy &procedure (iii) attend or undertake any training in respect of this policy & procedure as

identified by their Line Manager (iv) raise with their Line Manager any issues or concerns they may have in

respect of this policy & procedure , including their understanding or ability to comply with their responsibilities

(v) report in confidence known breaches of this policy & procedure by others to their Line Manager where such breaches have presented or may present a risk of, or actual, significant harm or loss to patients, staff, the public or the organisation as a whole

(vi) report honestly and openly instances to their Line Manager where they are aware that they have individually been in breach of their responsibilities, and where such breach has presented or may present a risk of, or actual, significant harm or loss to patients, staff, the public or the organisation as a whole.

5. Safe Haven Policy

5.1 Safe Haven Storage Requirements Safe haven storage facilities must be established in accordance with the principles detailed below.

5.1.1 All Trust offices must have entry restricted by the use of a locking door control. All

staff must operate a clear desk policy. Patient/ client identifiable information will be

stored in locked drawers or cabinets when not in use.

5.1.2 A nominated person will be responsible for the security of locked cabinets where patient/ client identifiable information is stored within individual business teams. They will be responsible for the safe-keeping of the information stored in the cabinets.

5.1.3 If situated on the ground floor, doors and windows should have locks on them.

5.1.4 The room should conform to health & Safety requirements in terms of flood, theft or environmental damage.

5.1.5 Computers should not be left on view to unauthorised staff and must be set to

Safe Haven Policy IG006 1016 v2.0 Page 8 of 28

automatically lock after a short period of inactivity. Staff must always lock the screen or log out when leaving their desks

5.1.6 There will be instances where safe haven security requirements do not have a fixed location such as a shared network area and / or data warehouse. Access to the identifiable data must be restricted to authorised users only and granted by a responsible Manager i.e. N: drive.

5.1.7 All staff and visitors must display an ID card for all Trust offices

5.1.8 Unauthorised people will not be allowed access to areas where patient/ client identifiable information is kept unless supervised. ID badges will be checked before access is permitted.

5.1.9 A dedicated printer should be provided in the safe haven secure room if required (documents should only be printed where absolutely necessary) and appropriate arrangements for disposal of information i.e. a shredder/ confidential waste. Please note any local printers would not be part of a managed service and therefore will not have support.

5.1.10 Business Teams that have a Safe Haven storage facility within their own work areas should ensure an appropriate tracking system is in place for all information stored in the facility and inform the Records Manager of any existing or newly created Safe Havens.

5.1.11 All business areas that have patient/ client identifiable information must have an appropriate Safe Haven storage facility notify the Records Manager of its existence and ensure that it meets appropriate standards.

5.1.12 Identification and/or approval will be required from a relevant Information Asset Owner (IAO) i.e, General Managers/ Deputy Director before staff are given access to information stored in a Safe Haven.

5.1.13 Where patient/ client identifiable information is requested by a third party an appropriate information sharing agreement must be in place to ensure that confidentiality is maintained and appropriate security measures are in place. A full audit trail must be maintained.

5.2 Communicating Patient/ Client Identifiable Information

5.2.1 When disclosing patient/ client identifiable information internally to other Trust staff it is essential that access permissions are checked before the information is released.

5.2.2 When transferring patient/ client identifiable information between Trust offices or to and from other external sites, the principles set out in this procedure must also be in operation at the receiving point.

5.2.3 When disclosing information outside the Trust, assurances are required that the external requesting party has a designated Safe Haven point for receiving and storing patient/client identifiable information and if returning such information to the Trust, the same principles must apply.

5.2.4 Patient/ client identifiable information received should be restricted to only those individuals who need the information in order to carry out routine tasks. All new rights of access should be approved by the IAO.

5.2.5 External requesting parties should comply with the Trusts Safe Haven Procedure and meet appropriate legislation and related guidance. It is the responsibility of Trusts staff to ensure the receiving party is compliant before transferring the information.

5.3 Sending and Receiving via Courier

5.3.1 Sending - Anyone sending patient/ client identifiable information is responsible for: ensuring an approved courier is used for the transportation of the

Safe Haven Policy IG006 1016 v2.0 Page 9 of 28

information and a contract is in place that covers confidentiality and incident reporting procedures;

ensuring an appropriate Data Sharing, Data Re-Use or Data Transfer Agreement is in place which covers the appropriate permissions and details of transfer;

confirming that the recipient will be available when delivery is scheduled to be made;

ensuring that information is appropriately encrypted; ensuring the information is sealed with confidential tape in either a box

or envelope which has been clearly addressed: Ensuring that the information has been received by the requesting party.

5.3.2 Receiving - Anyone in receipt of patient/ client identifiable information is responsible for: contacting the sender to acknowledge receipt of the information; following the Safe Haven principles set out in this document for the use

and storage of the information; All identifiable information being stored on the secure server with

restricted access. Authorisation to this secure area can only be provided by a nominated Information Asset Owner (IAO) and Information Asset Administrator (IAA). The information must be reviewed regularly and managed in accordance with the principles established in this procedure.

5.3.3 Appendix 7 shows the Good practice Confidentiality Checklist for further guidance.

5.4 Communicating by Fax

5.4.1 Patient/ client identifiable information should only be sent by fax in exceptional circumstances where other transfer methods are deemed unavailable.

5.4.2 Refer Appendix 8 - Guidance on information included in a fax and Appendix 9 – When to use a fax for transmission of person-identifiable information for further guidance.

5.4.3 Fax machines must be kept in a secure location i.e. in a locked room out of any public area to avoid unauthorised access.

5.4.4 Never send a fax to an unsupervised fax machine, unless it is a designated ‘safe haven’ or ‘secure’ machine and ensure that an appropriate person is available to receive the fax.

5.4.5 Do not send large amounts of information containing person identifiable, confidential and/or sensitive information by fax. Only the minimum amount of information required by the recipient must be included.

5.4.6 Do not send faxes to a destination where they won’t be seen for some time (either unattended or outside office opening hours)

5.4.7 Use an alternative method to send patient/client identifiable information if the recipient does not have a fax machine in a secure environment, or use the 2 fax approach. This means splitting the information into 2 separate faxes, one containing non person identifiable information and one containing the identifiable data. The non-identifiable data is sent first and once confirmation of receipt has been received, the identifiable data is then sent. The process is then completed as above for each separate fax.

5.4.8 Make a telephone call to the recipient to inform them that a fax containing person identifiable, confidential and/or sensitive information is being sent, and request confirmation of receipt of the fax.

5.4.9 Double check the fax number before sending and request a report sheet to confirm the transmission was successful.

Safe Haven Policy IG006 1016 v2.0 Page 10 of 28

5.4.10 A cover sheet should be sent with the fax (Appendix 9), which contains a confidentiality disclaimer to the effect of ‘This fax is confidential and is intended for the person whom it is addressed.’

5.4.11 Ensure that fax machines are switched off outside office hours.

5.4.12 Sent and received faxes containing patient/ client identifiable information must be stored in a safe haven environment and disposed of when no longer needed using the designated confidential shredding facilities.

5.5 Communicating by Post

5.5.1 All external correspondence must be clearly marked with the name and address of the recipient.

5.5.2 When sending patient/client identifiable information mark the envelope ‘Private & Confidential – To be opened by Addressee Only’.

5.5.3 Send bulk records (10 or more records) containing patient/ client identifiable information by Royal Mail ‘Special Delivery’ service.

5.5.4 Due to the risk of post going missing, the volume of personal information per envelope should be considered. It is recommended that no more than20 patients’ information should be placed in one envelope.

5.5.5 Confirm the name, department and address of the recipient and ask the recipient to acknowledge receipt of the information.

5.5.6 When appropriate place the document/ record in double bags and send the information by Special Delivery or by courier.

5.5.7 Deliver confidential incoming post immediately or as soon as possible to the recipient but do not leave on the desk or pass to anyone else if the recipient is not available. Lock in a drawer or cabinet until the recipient is available.

5.5.8 Open incoming mail away from public areas. Mail must be opened by the addressee only if marked as such.

5.6 Communicating by Telephone

5.6.1 Patient/ client identifiable information should not be divulged over the telephone because of the risks involved (e.g. being overheard, inadvertent disclosure of confidential information, disclosing confidential information in an appropriate manner etc.)

5.6.2 If the use of a telephone is essential to convey the information then the following security protocols must be adhered to: Confirm the name, job title, department and organisation of the person

requesting the information, ensuring that you are speaking to the correct person. Ring back to confirm that person’s identity;

take a contact telephone number e.g. main switchboard number (never a direct line or mobile telephone number if possible);

confirm the reason for the request; Ensure that the enquirer has a legitimate right to have access to the

information before information is given out and provide information only to the person who has requested it.

if sharing information with other Trust staff ensure you have checked the identity of the person you are calling

before sharing the information ensure the member of staff has a legitimate reason/purpose for

receiving the information ensure that you have consent to share, where necessary check with your manager if you are in doubt about releasing information

before calling the caller back; ask a caller if they are in a location from which they are able to provide

confidential information without being overheard;

Safe Haven Policy IG006 1016 v2.0 Page 11 of 28

ask questions over the telephone that require the enquirer to answer rather than giving them details which they need to confirm e.g. try not to say “is that Joe Bloggs of The Avenue, Anytown?” Instead ask the enquirer who they are and where they live and do not repeat that information out loud;

Put callers on hold if it is necessary to make enquiries elsewhere, so that they can’t hear other confidential conversations that may be going on in the office.

5.6.3 There are privacy risks associated with leaving answer phone messages unless the individual has provided their consent to do so. If you do not have consent then answer phone message left should be limited to your name, the organisation name, and your telephone number.

5.6.4 There is a balance to be struck between respecting the privacy of the individual, not unduly worrying them with an obscure message, and ensuring that the recipient understands that it is a genuine message (e.g. not a scam that is looking to get them to call back a premium rate number).

5.6.5 Staff should take responsibility for considering whether any particular privacy issues exist that could affect whether it is appropriate to leave an answer phone message.

5.6.6 Consider the following: If you leave an answer phone message, the individual may not be the

first to hear it Who else might hear the message? Are you sure you have dialled the correct number? Will the individual fully understand the content of the message? How can you be certain the message has ever been received? You may inadvertently breach the individual’s confidentiality

5.6.7 Answer phones must be located in a secure area and only accessible by authorised personnel. Recorded messages may contain person identifiable, confidential and/or sensitive information; therefore, consideration should be given to which staffs have access to answer machines.

5.6.8 Voicemail boxes should be password protected to control access where this functionality is available, otherwise the phone should be locked away and the speaker volume lowered.

5.6.9 If using a mobile phone to discuss patient/ client identifiable information, the conversation should be politely postponed until in a secure/private area.

5.6.10 Patient/ client identifiable information given to you should not be repeated out loud.

5.6.11 Telephones should not be on ‘speaker mode’ when discussing patient/ client identifiable information.

5.6.12 SMS Text Messages should not be used to convey patient identifiable information

5.7 Communicating by Email 5.7.1 Always consider first if email is the best way to send the information. NHS.net email

is automatically encrypted in transit, therefore any email sent from one NHS.net email account to another (e.g. xxx@nhs.net to yyy@nhs.net) is secure. The user sending the email must first confirm the recipients correct email address, for example verbally over the telephone or through the NHS.net mail directory.

5.7.2 NHS.net email is hosted on the N3 network and as such forms part of the wider public sector Government Secure intranet (GSi). This means that email is encrypted

Safe Haven Policy IG006 1016 v2.0 Page 12 of 28

when delivered to any of the following email domains: Secure email domains in Central Government:

*.gsi.gov.uk *.gse.gov.uk *gsx.gov.uk

The Police National Network/ Criminal Justice Services secure email domains: *.police.uk *.pnn.police.uk *.scn.gov.uk *.cjsm.net

Please refer to HCT email guidelines for full details of email guidance All emails sent between these domains are encrypted in transit and the entire environment/infrastructure is accredited with strict end point access controls. Emails sent to or received from any other domain is untrusted (open to forging, interception or alteration). When sending outside the GSi network, patient/client identifiable information must be removed from the email and sent as an encrypted attachment. Inclusion within the main body of the email is not permitted.

5.7.3 Use must be made of the tracking options to verify once an email had been delivered and/ or read. Otherwise the recipient must telephone to confirm receipt.

5.7.4 Emails containing confidential information should be clearly marked ‘Confidential’ in the subject header box.

5.7.5 Attachments must also be encrypted if they contain patient/ client identifiable information.

5.7.6 Always check that the email address (es) of the recipient(s) appear correctly in the To, Cc and Bcc boxes. Automatic recognition of names can sometimes cause a problem.

5.7.7 If sending to multiple recipients, use a distribution list ensuring security permissions and access controls have been checked. The members of the distribution list can be checked through the Properties button when you select it. Always ensure that the distribution lists contains only those individuals who are authorised to receive the information.

5.7.8 Do not send or forward patient/client identifiable information by email to any person or organisation that is not specifically authorised to receive and view that information.

5.7.9 Do not send emails patient/client identifiable information to your home computer or personal email accounts.

5.7.10 Emails containing patient/ client identifiable information must be stored appropriately upon receipt e.g. incorporated within HR personal records and deleted from the email system when no longer required.

6.8 Risk Assessments for Information Transfers

5.8.1 Information Asset Owners must ensure that risk assessments of proposed transfers of information are conducted; documented and appropriate safeguards are implemented to protect the information (including encryption).

5.8.2 Assessments must consider the urgency, information sensitivity, costs involved and other options available

5.8.3 All users must be made aware of their responsibilities regarding information transfers.

Safe Haven Policy IG006 1016 v2.0 Page 13 of 28

5.9 Information Flow Mapping 5.9.1 The Trust must ensure that all information transfers are identified by determining

where, why, how and with whom it exchanges information. This is known as Information Flow Mapping. This mapping of information, particularly personal confidential information will help identify the higher risk areas of information transfers that require effective management.

5.10 Responsibilities

5.10.1 The Chief Executive has overall responsibility for strategic and operational management, including ensuring that Trust policies comply with all legal, statutory and good practice guidance requirements.

5.10.2 The Trust’s Medical Director, as “Caldicott Guardian” is responsible for ensuring implementation of the Caldicott standards with respect to patient-identifiable information and for: (i) advising managers on the confidentiality, protection and disclosure of patient information and (ii) ensuring that staff have access to appropriate and up to date guidance on keeping personal information secure and on respecting the confidentiality of service users.

5.10.3 The Director of Finance is the identified “Senior Information Risk Owner” (SIRO) responsible for ensuring that all information governance risks are identified, mitigated or eliminated.

5.10.4 The Head of Information Governance is responsible for monitoring compliance with this policy and advising managers on all aspects of information governance including compliance with the NHS Information Governance Toolkit.

5.10.5 The AD Performance and Information is responsible for data quality and technical security. This includes the management of any SLA or contractual arrangement for the provision of IT or other information services.

5.10.6 The Company Secretary is responsible for advising or procuring advice on the legal aspects of confidentiality and data protection

5.10.7 Directors are responsible for ensuring that, through their line managers, all staff: (i) are aware of this Policy and comply with its provisions. (ii) are aware of and comply with Trust policies relating to information governance (iii) attend/undertake mandatory training relating to information governance iv) report breaches of confidentiality and data-related incidents

5.10.8 The Director of Finance & Commerce is responsible for ensuring that arrangements are in place for all contractors to be supplied with a copy of this code or details as to its website availability for reference.

5.10.9 The Director of Workforce & OD is responsible for ensuring that arrangements are in place for ensuring: (i) the contracts of all staff (permanent and temporary) are compliant with the requirements of this Policy and (ii) confidentiality and safe haven processes are included in all corporate inductions and on-going training for staff. (iii) A “Training Needs Analysis” is in place for staff training requirements in confidentiality and information governance issues. (iv) Managers are supported and advised in the event of breaches by staff of this Policy or related policies

5.10.10 Assistant Directors and Line Managers are responsible for implementing this Policy as instructed by their Director

5.10.11 All staff are responsible for ensuring that they: (i) understand this Policy and their responsibilities (ii) comply with the provisions of the Policy

Safe Haven Policy IG006 1016 v2.0 Page 14 of 28

(iii) attend or undertake any training in respect of this Policy as identified by their Line Manager (iv) raise with their Line Manager any issues or concerns they may have in respect of this Policy, including their understanding or ability to comply with their responsibilities (v) report in confidence known breaches of this Policy by others to their Line Manager where such breaches have presented or may present a risk of, or actual, significant harm or loss to patients, staff, the public or the organisation as a whole. (vi) report honestly and openly instances to their Line Manager where they are aware that they have individually been in breach of their responsibilities, and where such breach has presented or may present a risk of, or actual, significant harm or loss to patients, staff, the public or the organisation as a whole.

5.10.12 The Information Governance Sub Group, which reports to the Executive Team, is responsible for overseeing the implementation and monitoring of this Policy.

6. Implementation and Training

6.1 The policy will be made available for reference for all staff at all times and the Trust (HCT) will ensure all staff implementing this policy have access to appropriate implementation tools, advice and training. All new staff will be made aware of the existence of this Policy via corporate and local induction process. Managers must: (i) highlight to staff their responsibility to ensure that they are aware of this Code and the importance that the Trust places on confidentiality and (ii) remind staff of the “confidentiality clause” in their contract of employment.

6.2 Appendix 1 shows the training notes for this policy.

7. Monitoring Compliance and Effectiveness of Policy

7.1 The compliance and effectiveness of this policy has to be tested primarily through audit of Key Performance Indicators (KPIs) as shown in attached Appendix 2. This will be undertaken by the Lead Policy Author in accordance with the timescales identified.

7.2 Insert definition text here

8. Review and Control Arrangements

8.1 The review, updating and archiving process for this policy shall be carried out in accordance with the Trust (HCT) GR1 Policy for Procedural Documents, V.4 by the identified Lead Policy Author.

8.2 Minor revisions and details of amendments are recorded as per Appendix 3.

8.3 The version control table as listed in Appendix 4 enables appropriate control of the policy with listed personnel responsible for its implementation as well as the date assigned/ approved/ circulated.

8.4 Review of this Code will be supported by: (i) an audit of data-related incidents and complaints relating to confidentiality

Safe Haven Policy IG006 1016 v2.0 Page 15 of 28

(ii) a review of publications and guidance identifying good practice. (iii) Benchmarking of incidents with other NHS organisations

9. Equality Impact Analyses

9.1 It is the responsibility of the Lead Policy Author to complete the EIA form (Appendix 5) before submitting the policy for ratification/ sign off.

10. References

Hertfordshire Community NHS Trust Safe Haven Policy v1.0, 2014

11. Appendices

The following appendices are attached to support this policy:

Appendix 1 – HCT Training Guidance Notes Appendix 2 – Monitoring Compliance for Policy Appendix 3 – Policy / Procedural Document Amendment(s) Template Appendix 4 – Version Control Table Appendix 5 – Equality Impact Analyses Form Appendix 6 – Best Practice Information Flows Appendix 7 – Good Practice Confidentiality Checklist Appendix 8 – Guidance on information included in faxes Appendix 9 – When to use a fax for transmission of Personal Identifiable Data Appendix 10 – Guidance on Secure Email

Safe Haven Policy IG006 1016 v2.0 Page 16 of 28

APPENDICES

Safe Haven Policy IG006 1016 v2.0 Page 17 of 28

Appendix 1: HCT Training Guidance Notes This document will be used to ensure effective training monitoring and to seek compliance assurance for the procedural document.

Mandatory Requirement

Session Clinical Staff Non-Clinical Staff

To include learning outcomes

To include frequency of training and delivery methods

To include target audience

To include target audience

Staff to be aware of the requirements for maintaining confidentiality

Induction & refresher training. On commencement and then annually.

All staff All staff

HCT Learning and Development Team, based at Howard Court, Welwyn Garden City, should be contacted for any further advice and guidance.

Safe Haven Policy IG006 1016 v2.0 Page 18 of 28

Appendix 2: Monitoring Compliance for Policy This document will be used to ensure effective monitoring and to seek compliance assurance for the policy.

Policy Name Confidentiality Code of Conduct

Policy Version V2.0

Lead Policy Author Martin Vitty, Head of information Governance

Date of Ratification 18/10/16 Date of Next Review

October 2018

Requirement to be monitored

(WHAT) Lead (WHO) Tool (HOW)

Frequency of Monitoring

(WHEN)

Reporting Arrangements

(WHERE)

Development of Action Plan (WHAT and

WHO)

Monitoring of Action Plan and Implementation

(HOW and WHEN)

Key performance indicators

Responsible Individual / Group / Committee for carrying out monitoring

Process to be used for monitoring compliance

Monthly / Quarterly / Annually – as required

Responsible designated committee for reviewing the results

In case of non-compliance, Action Plan to be generated

Lead(s) to act on recommendations and implementations

Reduction in the number of reported incidents where the safe haven policy had not been adhered to

Head of Information Governance

Incidents reported through DATIX

Monthly Information Governance Group

Head of Information Governance / Risk Manager

Information Governance Group

Ensuring best practice across the Trust through confidentiality audit

Head of Information Governance

Record Keeping Audit, Regular audit & inspection.

Annually Information Governance Group

Head of Information Governance / Service Leads

Information Governance Group

Safe Haven Policy IG006 1016 v2.0 Page 19 of 28

Appendix 3: Policy/ Procedural Document Amendment(s) Template To be completed and attached to any procedural document when submitted to the appropriate committee for ratification after doing Minor/ Technical revision(s). Procedural Document Title: Safe Haven Policy Lead Policy Author: Martin Vitty, Head of Information Governance Ref No: IG006 1016 Version: 2.0 Date Revised: October 2016 Date of Next Revision: October 2018 Summary of Amendments:

Section Heading, Paragraph Number(s)

Description of Amendment(s)

Comments

All sections, paragraphs renumbered

Whole document amended to meet new GR1 1215, V.4 format

Updated as per revised GR1 policy in January 2016

Throughout

Minor corrections to grammar and phrasing

Appendix 10

Inclusion of diagram to show which email domains are secure and which are not.

New Appendix

Safe Haven Policy IG006 1016 v2.0 Page 20 of 28

Appendix 4: Version Control Table

Version No. Status (Draft /

Approved)

Lead Policy Author

Date ratified (dd/mm/yyyy) and assigned Designated Committee

Comment (Key points of

amendments)

2.0

Approved Martin Vitty, Head of Information Governance

18/10/16 Approved

Historical Editions:

Edition / Version and Date

Reason for archiving Date for archiving and location

1.0, July 2014

Superseded by this version (v2.0)

N:HCT/Shared Secure/Archived Policies

Safe Haven Policy IG006 1016 v2.0 Page 21 of 28

Appendix 5: Equality Impact Analyses Form To be undertaken, completed and attached to any procedural document when submitted to the appropriate committee for consideration and ratification.

Name of the Policy

Confidentiality Code of Conduct

Date of Equality Analysis

12/10/16

Those involved in this analysis

Martin Vitty, Head of Information Governance

Intended Outcomes What are the Desired Outcomes? What are the benefits?

Human Rights Approach What are the patient’s core rights as part of this service / function? Are there any gaps identified? What are the risks? What action is needed to mitigate risk and / or close the gap?

Evidence What evidence is being used to support and develop the service / function?

What are the Risks? What are the risks in providing an equitable service? How can these risks be reduced, managed or justified?

Who will be Affected? Identify issues in relation to each of the protected groups below:

Race: None Gender Reassignment: None

Disability: None Religion or Belief: None

Gender: None Maternity & Pregnancy: None

Age: None Marriage & Civil Partnership: None

Sexual Orientation: None

What Workforce Issues, including job role and design, need to be considered?

Engagement and Involvement Who has been involved in this analysis?

None

N/A

Actions Identified: None

S. No. What Who When Cost

Safe Haven Policy IG006 1016 v2.0 Page 22 of 28

Appendix 6: Best Practice Information Flows

Person Identifiable Information Shared by Fax

Requirement Rationale Evidence

1. Wherever possible always send to a known safe haven and ensure you maintain an accurate and up to date reference of fax numbers used routinely. Whist the requirements listed below are intended as best practice to secure fax transmissions to non-safe haven / unconfirmed faxes, they should be considered as a guide for any transmission. It is the sender’s responsibility to ensure the appropriate steps are completed.

Practices

2. Prepare cover sheet : who the information is for, and marked “Private & Confidential”

To ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to personal data. Access to person identifiable information should be on a strict need to know basis.

DPA Principle 7, Caldicott Principle 4

3. Ensure the fax contains only the minimum details necessary for the recipients to identify the data subjects

4. Contact the recipient of the fax (or the duly authorised person) to confirm the number and inform them that the confidential information is about to be sent via fax.

5. Ask the recipient (or duly authorised person) to acknowledge receipt / no receipt of the fax.

6. Use pre-programmed numbers wherever possible.

7. Double check the fax number and dial carefully

8. Obtain print record of transmission and complete log

Safe Haven Policy IG006 1016 v2.0 Page 23 of 28

Person Identifiable Information Shared by Telephone

Requirement

Rationale Evidence

1. Confirm the name, job title, department and organisation of the person requesting the information.

To ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to personal data. Access to person identifiable information should be on a strict need to know basis.

DPA Principle 7, Caldicott Principle 4

2. Confirm the reason for the information request, if appropriate

3. Obtain a contact telephone number (main office is preferable)

4. Check whether the information can be provided. If in doubt advice the enquirer you will return the call.

5. Provide the information only to the person who has requested it. (Do not leave messages)

6. Ensure that you record your name, date and time of the disclosure, the reason for it and who authorised the disclosure. Also record the recipient’s name, job title, organisation and the telephone number

Person Identifiable Information Shared by Post

Requirement

Rationale Evidence

1. Confirm the name. department and address of the recipient

To ensure personal data is processed in accordance with the subjects under the DPA. To ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to personal data. Access to person identifiable information should be on a strictly need to know basis. To understand and comply with the law

DPA Principles 6 & 7, Caldicott Principles 4 & 6

2. Seal the information in a robust envelope

3. Mark the envelope “Private & Confidential – to be opened by the addressee only”

4. When appropriate, send the information by recorded delivery

5. When necessary, ask the recipient to confirm receipt

Safe Haven Policy IG006 1016 v2.0 Page 24 of 28

Transporting Person Identifiable Information

Requirement Rationale

Evidence

1. Person identifiable information should only be taken off site when absolutely necessary, or in accordance with the local policy

To ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to personal data. Access to person identifiable information should be on a strictly need to know basis. To understand and comply with the law

DPA Principles 6 & 7, Caldicott Principles 4 & 6

2. Record what information you are taking off site, why and if applicable, where and to whom you are taking it.

3. Information must be transported in a sealed container / envelope.

4. Never leave person identifiable information unattended.

5. Ensure the information is returned to site as soon as possible.

6. Record that the information has been returned

Safe Haven Policy IG006 1016 v2.0 Page 25 of 28

Appendix 7: Good Practice Confidentiality Checklist Information Flows For all the ways in which person-identifiable information flows into and out of the organisation, check that no unnecessary data are included. For example: • Check solicitors’ letters have written consent • Check complaints made on behalf of others have written consent • Take care when giving information to relatives • Take care when giving information about children to separated parents • Take care how you deal with telephone requests for information Fax machines • Ensure fax machine is sited where unauthorised people cannot see or access it • When sending information by fax, do not include person-identifiable details unless absolutely necessary • Programme numbers into fax memory to avoid misdialling Written documentation • Ensure that medical notes are not left unattended and in unlocked rooms • Check no unauthorised people can access medical records • Ensure incoming letters/letters for signature files are secure and are not in transparent envelopes • Do not leave paperwork lying on desks / in trays especially in offices where the public have access • Where information is no longer required, shred all paper containing person-identifiable information. For example:

• Post-it notes • Memos • Surgery lists • Un-issued scripts • Culled letters (e.g. when tidying notes) • Remove all person-identifiable information from meeting rooms, following completion

of meeting Spoken communication Check spoken conversations cannot be overheard. For example: • Are the reception desks and consulting rooms private? Computers • Are your computer passwords adequate, kept confidential and changed regularly? • Do you use a password protected screen saver? • Are computer screens sited where they cannot be seen by unauthorised people? Contracts • Ensure all staff contracts contain a suitable confidentiality clause; remind staff of

easily made mistakes • Ensure all supplier contracts contain confidentiality clauses

Safe Haven Policy IG006 1016 v2.0 Page 26 of 28

Appendix 8: Guidance on information included in faxes

Background

Although the use of fax machines has become commonplace, many people fail to realise

that faxes have many vulnerabilities which could result in the wrong person reading the sent

document. If the document contains person-identifiable information, the duty of confidence

each of us has in law dictates that we do not have the right to ignore these vulnerabilities.

The use of fax machines to transmit personal data or other confidential information is

discouraged. Staff should engage with recipients to explore alternative methods.

Key Messages

The basic tenet when transferring person-identifiable information is that in all circumstances

where person-identifiable data are disclosed the data items transferred should be kept to a

minimum. Only those items of data essential to the purpose of transferring the data should

be included in the document: extraneous and irrelevant items should be omitted or blocked

out prior to transmission.

Maximum Baseline Information

At all times consideration should be given to the amount of information that is being

transmitted. The ONLY identifying details required are the minimum necessary for the

recipient to identify the data subject(s).

Obviously this will depend upon many things including the data access items required for the

recipient’s access to their own information, the sender’s confidence in the accuracy of the

data and whether the sender is offering items of identifying data in order to update the

recipient’s systems.

An identifying code such as NHS number or Hospital Number is fairly indecipherable unless

the recipient has the ‘decode’. Therefore it makes a good basis for the transfer of patient-

identifiable information. Caldicott recommends the use of the NHS number only. However,

this will not work if one or other of the parties does not have access to NHS number. A

sensible alternative maximum baseline would be a combination of the following:

A code common to both parties (NHS Number, Hospital Number of equivalent)

Another correlating piece of information to positively identify the data subject such as an

element of the date of birth or the first three letters of the postcode

Names should only be used in those circumstances where there are no other common items

between the parties. Addresses should not be transferred unless critical to the purpose of

the transmission.

Safe Haven Policy IG006 1016 v2.0 Page 27 of 28

Appendix 9: When to use a fax for transmission of Personal Identifiable Data

Can I use a fax to send Personal Identifiable Data?

Ask yourself:

• Do I really need to use a fax?

• Is it really that urgent?

• Will normal mail or courier be sufficient?

You can use a fax in the following cases:

• For urgent referrals

• In an emergency where delay would cause harm

• Child Protection

• Ambulance transport (if required)

• Urgent transmissions to GP practices

Do not use a fax in the following cases:

• For very sensitive information (HIV, STDs, incriminating information etc.)

• Routine matters

• When other methods will do

What is the procedure?

• Prepare cover sheet

• Contact recipient

• There to receive?

• Call-back if not received

• Check number

• Dial carefully

• Check valid response if able

• Monitor transmission

• Suspend if anomalies

• Obtain printed record of transmission

• Complete log

Safe Haven Policy IG006 1016 v2.0 Page 28 of 28

Appendix 10: Guidance on Secure Email

The following diagram shows email domains which are and which are not secure to

send Personal Identifiable Data between:

@nhs.net

@nhs.net @hscic.gov.uk

@gsi.gov.uk

@gse.gov.uk

@gsx.gov.uk

@police.uk

@pnn.police.uk

@cjsm.net @scn.gov.uk

@gcsx.gov.uk

@mod.uk

@hct.nhs.uk

@hct.nhs.uk

@bedfordshireccg.nhs.uk

@enhertsccg.nhs.uk

@hblict.nhs.uk

@hchs.nhs.uk

@hct.nhs.uk

@hertspartsft.nhs.uk

@hertsvalleysccg.nhs.uk

@hpft.nhs.uk

@lutonccg.nhs.uk

@hertfordshire.gov.uk

@hct.nhs.uk

@bedfordshireccg.nhs.uk

@enhertsccg.nhs.uk

@hblict.nhs.uk

@hchs.nhs.uk

@hct.nhs.uk

@hertspartsft.nhs.uk

@hertsvalleysccg.nhs.uk

@hpft.nhs.uk

@lutonccg.nhs.uk

@hertfordshire.gov.uk

@hct.nhs.uk

@bedfordshireccg.nhs.uk

@enhertsccg.nhs.uk

@hblict.nhs.uk

@hchs.nhs.uk

@hct.nhs.uk

@hertspartsft.nhs.uk

@hertsvalleysccg.nhs.uk

@hpft.nhs.uk

@lutonccg.nhs.uk

@hertfordshire.gov.uk

@hct.nhs.uk

@bedfordshireccg.nhs.uk

@enhertsccg.nhs.uk

@hblict.nhs.uk

@hchs.nhs.uk

@hct.nhs.uk

@hertspartsft.nhs.uk

@hertsvalleysccg.nhs.uk

@hpft.nhs.uk

@lutonccg.nhs.uk

@hertfordshire.gov.uk

@hct.nhs.uk

@bedfordshireccg.nhs.uk

@enhertsccg.nhs.uk

@hblict.nhs.uk

@hchs.nhs.uk

@hct.nhs.uk

@hertspartsft.nhs.uk

@hertsvalleysccg.nhs.uk

@hpft.nhs.uk

@lutonccg.nhs.uk

@hertfordshire.gov.uk

@hertfordshire.gov.uk

@hct.nhs.uk

@nhs.net or any other secure email @[NHS TRUST NAME].nhs.uk @[LOCAL AUTHORITY NAME].gov.uk

@nhs.net @[NHS TRUST NAME].nhs.uk @[LOCAL AUTHORITY NAME].gov.uk