Code of conduct
- Breaches of confidentiality are a serious matter. Non-compliance with this code of y person employed by the Trust may result in disciplinary action being taken. No employee shall knowingly misuse any information or allow others to do so.
- Staff are responsible for safeguarding the confidentiality of all personal and Trust information, transmitted or recorded by any means. All staff are responsible for their decision to pass on information.
- Personal information given or received in confidence may not be passed on or used for a purpose other that that for which it was obtained, without the consent of the provider of the information.
- Report information/confidentiality incidents to clinical risk management
- Information may be passed on to someone else only:
- with the consent of the patient (Gillick competency applies)
- where it is disclosed in the best interests of the patient (e.g. between members of a multidisciplinary team)
- when disclosure is required by a court (or a court order)
- when disclosure is required by statute (that is, by law)
- where disclosure is made in the public interest as described in the defined list of circumstances in ≠Disclosure in the Public Interest≠ below
- when required by the police in conjunction with the prevention/detection of serious crime (e.g murder, rape, kidnapping, causing death by dangerous driving)
- do not disclose to schools, employers, DHSS, etc without explicit consent from patient.
- Adhere to the principles of the Caldicott Report:
- justify the purpose for each use/transfer of patient-identifiable information.
- don≠t use patient-identifiable information unless it is absolutely necessary.
- use the minimum necessary patient-identifiable information.
- access to patient-identifiable information should be on a strict need-to-know basis.
- everyone with access to patient-identifiable information should be aware of their responsibilities.
- understand and comply with the law.
- Adhere to the principles of the Data Protection Act 1998. Personal data must be:
- processed fairly and lawfully
- obtained and used for one or more specified purposes only
- adequate, relevant and not excessive
- accurate and kept up to date
- not kept for longer than necessary
- processed in accordance with the rights of data subjects
- protect against unauthorised access, damage or destruction
- there are restrictions on overseas transfer: obtain explicit consent.
- Need advice? Consult the data protection intranet site or contact the Caldicott Guardian or the Information Protection Officer (ext. 22822).
DISCLAIMER: This site is currently under construction: its content and links may not be accurate.