What will be the lawful basis of processing health information going forward?
No one in the health and care sector is immune from the changes that are coming into force in May 2018.
All providers will need to make sure they hold and use information in a way that is compliant with new data processing conditions.
We have written a short guide to give you an overview of the new GDPR regulations and how they compare to the current Data Protection Act. With regard to the use of CMS within your business, you need to update your policies to reflect:
- An individual’s personal data will not be shared with a third party without prior consent.
- You obtain consent from both staff and residents to store personal data.
- You ensure your data is secure and confidential and all staff have their own login to access CMS. The database itself is secure and is password protected but you are responsible for user logins and passwords.
- Data is not retained longer than needed and is deleted when no longer required.
- You are able to restore data in a timely manner in the event of a physical or technical incident.
- You regularly audit and test your processes.
- You are registered with the ICO.
There are many resources out there to ensure you are compliant.
We are also releasing our own GDPR strategy document to add to your records. This outlines our commitments to ensure that we are GDPR compliant by 25th May.