Ensuring the confidentiality and data protection of information
In addition to professional guidance issued by bodies such as the General Medical Council and the Health and Care Professions Council the laboratory service must adhere to Protecting Patient Confidentiality NHS Scotland Code of Practice on protecting patient confidentiality and the Data Protection Act 2018/ EU General Data Protection Regulations. The laboratory services works very hard to ensure the safe and secure storage, use and management of information. We regularly review our policies, procedures and practice to make sure it is kept up to date.
We ensure the confidentiality and data protection of information in the following ways:
We provide our staff with confidentiality training
All of our staff undertake specific training in confidentiality. This training helps staff to follow the rules that govern the care and release of confidential data.
When we recruit new staff, they are required to undertake Corporate Induction, which includes undertaking NHS Ayrshire & Arran’s Information Governance training. On employment of new staff they are required to read, agree and sign a confidentiality statement. Local induction also includes a detailed briefing on departmental processes for ensuring the appropriate levels of confidentiality and information governance.
We have a Caldicott Guardian
We have an individual who is the ‘Caldicott Guardian’ for our organisation. Within NHS Ayrshire & Arran this is the Medical Director. The job of a Caldicott Guardian is to ensure that we take all appropriate steps to protect the confidentiality of patient information. The Caldicott Guardian is responsible for advising on, agreeing and reviewing protocols governing the protection, use and disclosure of patient information. The Caldicott Guardian leads a team of Information Governance experts, who specialise in confidentiality and data protection.
We follow confidentiality and data protection regulations
We follow:
- Data Protection Act 2018/ EU General Data Protection Regulations (GDPR)
- Protecting Patient Confidentiality: NHS Scotland Code of Practice and Caldicott Principles
Our organisation has a Data Protection, Confidentiality and Privacy Policy which details how NHS Ayrshire & Arran will meet its legal obligations and NHS requirements concerning data protection, confidentiality and privacy.
When we have to use information that could identify an individual
While many laboratory tests are performed within the Area Laboratory, for some rare or complex tests patient specimens may be sent to specialist laboratories elsewhere that have the necessary expertise. In some cases there will be only one specialist laboratory in the whole country that performs a particular test; using referral laboratories is therefore essential.
There is a detailed policy in place to govern how we choose these referral laboratories. Referral laboratories are selected for their expertise and their quality standards. We regularly check their accreditation status, which gives us assurance that they have procedures in place for the protection of information and the safety of our patients.
We also have a specialist laboratory within the Area Laboratory and we receive specimens from across the country. Our laboratories therefore have procedures in place for the protection of information from the patients within NHS Ayrshire and Arran and patients from elsewhere.
When specimens are sent to a referral laboratory we need to provide some ‘patient identifiers’ such as name and date of birth. In some tests it is essential to send further information, for example, symptoms or travel information, to allow the referral laboratory to interpret the results for our individual patient. In some tests, ethnic origin and family details may need to be shared with the referral laboratory.
Consent to a specimen being taken and analysed is given by the patient presenting at the point of specimen collection. The responsibility for obtaining informed consent for the test(s) resides with the medical staff ordering the test. Informed consent should cover all the tests being undertaken, implications of the results of these tests and the disclosure of clinical and personal details to appropriate healthcare personnel. It should also be noted that healthcare personnel have password protected, role specific, access to secure electronic systems.
The laboratory may release confidential information when required by law or contractual agreements for example Public Health Scotland or other official agencies
See our Data Protection Notice for further information.
All patients, samples and specimens and remains shall be treated with due care and respect at all times. The integrity of retained samples and records will be maintained in the event of closure, acquisition or merger of the laboratory.
All relevant information, including Freedom of Information requests will be made available as appropriate. See NHS inform for further information.
If you would like more information
We provide policies and information which can be accessed on this website.
For more information on patient confidentiality, please contact Information Governance via:
- phone: 01563 826813/25897
- email: informationgovernance@aapct.scot.nhs.uk
For laboratory-specific enquiries, please contact:
- Gary Collins, Quality Manager – 01563 825140, Gary.Collins@aapct.scot.nhs.uk