General Data Protection Regulations


Presentation on theme: "General Data Protection Regulations"— Presentation transcript:

1 General Data Protection Regulations
GDPR General Data Protection Regulations

2 General Data Protection Regulations
The GDPR is Europe's new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.  The EU's GDPR website says the legislation is designed to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information.

3 Key Terms
Data Controllers – Partners
Data Processors – You, me, everyone!
Data Protection Officer – External "expert" (TBC)
Data Subject – The individual whose information we are processing
Personal Data – Information relating to a Data Subject
Processing – Operation performed on personal data
Recipient – The entity we are disclosing information to

4 Video about GDPR Introduction to GDPR

5 What is an information asset
An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively. Information assets have recognisable and manageable value, risk, content and lifecycles.

6 What Information do we hold
Asset Register on public folder
Add anything you come across which could be considered identifiable information (either paper or electronic)
Les will then complete boxes if you are stuck on what to do – me to say what you have added.
Retention Policy
Electronic files on computers should be deleted in line with the retention policy.

7 Who do we share information with
District Nurses
Secondary care
Pharmacies
Private providers*
Insurers*
Research study teams*
Path lab
OOH
Social services
Social care providers
Care homes
*With consent!

8 Privacy Notices
Poster in waiting room
Information on our website
Information sheet at reception
Patient may ask for a copy of the information sheet, this must be given to the patient.

9 Online Access
Form to be completed at the desk
Photographic ID is needed
Can register wife/husband/children over 12 with the patient's signed consent form
Can register children under 12 if at the same address as both parents registering

10 Children Reaching 12
Under GDPR all children are allowed to decide who can access their records from the age of 12.
Monthly a search will be run to identify all patients who have turned 12 (numbers will be low)
Open EMIS Access and check if patient is registered for online access
Only if patient is registered, de-register them and add them back on – generating a new registration form.
In EMIS print the letter explaining to the patient why they have been re-registered.
Add the code as per process GDPR10

11 What about your information
You have the same rights as patients over information the practice holds about you. Employee data policy GDPR 11 – please read, ask questions and sign once understood.

12 Rights as Individuals under GDPR
Right to be informed
Right to access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights in relation to automated decision making and profiling.

13 Privacy Notices
One for patients and one for staff
Plain language
Displayed in public areas
Read them! Feel free to feed back and ask questions as patients may ask you!
Outlines the information we hold, how we use it, share it, store it etc.
How long we keep the information – retention policy to complement the notice
How to request a copy of the information
Who our DPO is – Current TBC
How to complain - about compliance, request refusals etc.

14 Patient Questions
You will need to be able to answer any patient's questions
Do not direct questions to Jane or me
If you don't know the answer, ask Jane or myself and then share the answers with everyone else.
So... If I ask a question you may need to answer it....

15 Subject Access Requests
Free!!!
May be able to charge if excessive, multiple requests or unjust
Deadline reduced from 45 days to 1 calendar month
Extension of 2 months can be requested
Verifying requests from third parties (solicitors/insurers) – New form
Clock will start ticking when we verify the request (we can't intentionally delay this)
New software to help with third party redactions

16 Subject Access Requests
Form will need to be completed at the front desk. You may need to complete it on behalf of a patient
Verbal requests now have to be complied with, as such you may need to complete the form by asking the patient the questions over the phone.
Patients should collect the records themselves where possible, where not possible we will need written consent from the patient (form available) to allow records to be handed to someone else on their behalf.

17 Children and Medical Records
Scotland have decided any child 12 or over (who has competency) is to have the same rights as an adult with their records.
Tests which parents were at will be recorded as with mum/dad etc and this is consent to give results.
We may need to get consent from children 12 or over to disclose information
These are not our rules but the law under GDPR (general data protection regulations)
Consent is only valid at the point the consent is given and for that single purpose.
Records will alerts will need to be reviewed as to what the practice will do.
This is going to cause issues and frustrations so use your common sense when assessing if consent is needed. You are amazing at doing this so simply keep doing what you're doing.

18 Data Breaches
Data Breaches will happen as we are only human and humans make mistakes.
If a data breach occurs or you think one has happened a data breach form must be completed.
At the moment the form is the Information Commissioner's Office (ICO) form but a practice form will be used to simplify the reporting.
Not all breaches are reportable to the ICO but the practice manager MUST be aware of all breaches in case the patient complains to the ICO
Like clinical significant event analysis (SEA), the form and subsequent investigation is to look at how to improve the systems and the practice, not to look for blame.

19 Still to do
Patient Asset Register
Staff Asset Register
Posters for waiting room
Website
Visitors book and confidentiality

20 Summary
New law applying from 25th May, we must comply
We all have a part to play as processors
Privacy Notices will be circulated – familiarise yourselves
Patients (and 3rd parties) can request copies of their information for free
Evolutionary – Please ask questions and feedback, no one is an expert!
Don't panic! (that's my job!)

21 Any Questions G D P R

