03 May 2018

Data protection in healthcare: How does GDPR affect you?

Has your inbox been bursting with businesses asking you to review their terms and conditions recently? Not sure why this is happening? Don’t worry! We’ve got you covered with our simple guide to GDPR.

What is GDPR?

The General Data Protection Regulation [GDPR] is a significant and wide-reaching new European Union law governing how organisations handle personal data, that is, information about identifiable individuals. It becomes enforceable on 25 May 2018, just under a month from now, and organisations that fail to comply face potentially large fines.

Put simply, it means that organisations holding information about individuals must comply with new and, in some regards, stricter rules. These rules relate to what information is gathered, why it is gathered, how it is used and stored, and how long it is retained.

Consent & confidentiality

Central to these rules are the important matters of consent, confidentiality and privacy. An organisation needs a lawful reason to store and process data about an individual, and the individual's consent is one such reason. Where consent is relied on it must be explicit, in the sense that the individual "opts in" by giving their expressed agreement; a pre-ticked box or silence does not count. There are also circumstances where gathering and processing personal data does not rest on consent at all, such as where it is necessary in the course of providing a service the individual has asked for. In other words, the individual understands that data is captured and used, and the processing is necessary to deliver what they have requested.

Under GDPR, organisations that gather or use data about individuals will also have new, additional obligations to store and process that information in a manner that keeps it confidential and protects the privacy of the individual.

It’s not just digital…

Crucially, GDPR doesn't just concern computers and websites. Any records, including paper documents such as application forms or assessments, are also subject to the new rules.

What is Newcross doing to protect sensitive data?

Newcross has always been at the forefront of quality assurance and we’re proud of our track record for protecting confidentiality and privacy.

Long before GDPR emerged, we were independently certified as compliant with ISO 27001:2013, the international standard for information security management. This means that we already operate a defined set of controls for the security and safe handling of our computer systems and data.

In response to GDPR, we’re updating policies and procedures and providing new, enhanced training and information for office and healthcare staff. We’re also undertaking additional reviews of our databases and procedures.

How will it affect your work?

Inevitably, providing care requires gathering information that is often very personal.

In the first instance, it's vital to remember that we must only gather information about individuals - whether service users, clients or colleagues - that is necessary and justifiable. So be careful about what you write down or record.

Being vigilant is also important: keep an eye out for sensitive information and make sure it is always well managed and properly protected. Additionally, we need to destroy or delete data as soon as there is no further need to retain it.

So, when you receive communications about GDPR or are asked to undergo training, you need to pay close attention.