Data Protection Principles
- Personal data shall be:
- Fairly and lawfully processed
- Processed for specific purposes only
- Adequate relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with the data subject’s rights
- Not transferred to countries outside the UK without adequate protection.
The Act requires Tide End Clinic to register as a Data Controller with the Office of the Information Commissioner detailing the purpose for which personal information is used and use of data beyond that specified in the registration is unlawful. An annual fee is paid to the ICO’s to maintain notification on the register.
Disclosure of Personal Information
Whether personal information can be disclosed to others is dependent on a number of factors, including, whether the patient/service user has consented to the information being shared, to whom the information is being disclosed and the reason for its disclosure.
In order to ensure the confidentiality of personal information, systems and procedures are in place to control access to such information. Such controls are essential to ensure that only authorised persons have physical access to computer hardware and equipment and access to either electronic or paper records containing confidential information about individuals.