THE HEALTH INFORMATION AND QUALITY Authority has released a guidance document to help prevent future leaks of private information.
Professor Jane Grimson, Deputy CEO at HIQA said that while timely access to patient information was vital to deliver an efficient health and social care sustem, it was vital that the information is “appropriately used and that the privacy of service users’ information is protected”.
The guidelines issued by HIQA today come after “a number of high profile data protection breaches in the Irish health service in recent years”. One such breach saw patient information at Tallaght Hospital accessed by an unauthorised party last year after patient files were sent to a private firm for transcription.
The guidelines include:
- The necessity for a named senior individual to be made responsible and accountable for information governance in their organisation
- Registration with the Data Protection Commissioner outlining why certain information is being held
- Extra-careful safeguards put in place for transferring information outside of Europe
- Compliance with information governance be put in place in staff contracts – and a process put in place to deal with any breaches with policies and procedures
- That all staff members who have access to electronic records have individual login details and passwords (this, presumably, could help pinpoint the source of an information leak)
- Access to storage areas and rooms used to host software and hardware on which personal data is stored be only available to staff with swipe card clearance
- All portable devices capable of carrying personal health information be password-protected and encrypted
The full guidelines can be viewed here.
The document also advises on how to collect the best quality data, stating that “service users are more likely to receive safe and effective care if health and social care professionals have access to accurate and reliable data to support decision-making”.