Forced data audits for GP surgeries
Post date: 22/04/2015 | Time to read article: 1 minsThe information within this article was correct at the time of publishing. Last updated 14/11/2018
NHS authorities can now be forced by the Information Commissioner (ICO) to be audited for compliance with the Data Protection Act.
The move, which came into force on 1 February 2015, allows the ICO to assess England’s NHS foundation trusts, GP surgeries, NHS trusts and community healthcare councils, and their equivalent bodies in Scotland, Wales and Northern Ireland, under section 41A of the Data Protection Act.
The audits will review how the NHS handles patients’ personal information and can review areas including security of data, records management, staff training and data sharing. The legislation will not apply to any private companies providing services within public healthcare.
Christopher Graham, the Information Commissioner, said: “The health service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern.
“Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn’t good enough. We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It’s a reassuring step for patients.”
According to the ICO website, a total of £1.3 million in fines has been issued against NHS organisations.
How MPS can help
- MPS has a range of factsheets on core medicolegal topics that can help with DPA compliance
- MPS’s Clinical Risk Self Assessments for General Practices offer an opportunity for all members of the team to develop practical solutions that promote safer practice. Watch our video here
- Safety Culture 360 - Are your team Safety Culture aware? Take a check-up.
Please note: Medical Protection does not maintain this article and therefore the advice given may be incorrect or out of date, and may not constitute a definitive or complete statement of the legal, regulatory and/or clinical environment. MPS accepts no responsibility for the accuracy or completeness of the advice given, in particular where the legal, regulatory and/or clinical environment has changed. Articles are not intended to constitute advice in any specific situation, and if you are a member you should contact Medical Protection for tailored advice. All implied warranties and conditions are excluded, to the maximum extent permitted by law.