STATEMENT OF CONFIDENTIALITY
INSTRUCTIONS: This statement is to be read by all personnel including agency staff, interims, contractors and volunteers immediately they first start with South Central Ambulance Service NHS Trust.
One copy to be retained by the signatory and one copy to be held by South Central Ambulance Service NHS Trust.
- All employees/engagments including agency staff, interims, contractors and volunteers are responsible for maintaining confidentiality. This duty of confidentiality forms part of your employment/engagement contract. Breach of information gained in the course of duty may lead to disciplinary action that could result in dismissal. You should also be aware that regardless of any disciplinary action taken, a breach of confidence could also result in civil action for damages.
- In the course of your duties you may have access to confidential information. This will include information about patients, clients, staff records, details of contract prices and terms and other business sensitive data.
- Gaining access or attempting to gain access to information that you do not need to see to carry out your work is a breach of confidentiality, as is passing information on to someone who is not authorised to receive it.
- You must not, whether during or after your employment/engagement with South Central Ambulance Service NHS Trust, unless expressly authorised by the Accountable Officer, make any disclosure to any unauthorised person or use any confidential information relating to the business affairs of the Organisation. This includes any detail about South Central Ambulance Service NHS Trust clients and employees, actual, potential or past and all details relating to information on any of South Central Ambulance Service NHS Trust’s
- Generally personal information given for one purpose must not be used for another purpose without the consent of the person concerned because that use may breach confidentiality.
- Everyone has a legal right to know what information is being collected about them and why, and the purposes for sharing that information.
- For patients, consent cannot be implied for purposes other than healthcare. Non-healthcare purposes could include disclosure to the police, to government departments other than the Department of Health, to the courts, etc. In most cases, patients should be asked for their explicit consent before information is shared for non- healthcare purposes. Seek advice if you are not sure whether specific consent is required.
- Every individual has an obligation to protect confidentiality and a duty to verify the authorisation of another person to ensure information is only passed on to those who have a right to see it and to follow the rules and guidance available to them.
- The rules are there to protect both patient and staff but they should not be applied so rigidly that they are impractical to follow or detrimental to the care of the individual concerned. If in doubt seek advice.
- You are responsible for your decision to pass on information. If you are unsure whether or not to disclose information, consult your line manager and/or if necessary obtain advice from the Head of Corporate Governance, the Caldicott Guardian, Information Governance Officer, teams data custodian or information security team.
- Individuals are required to ensure that confidential information is safeguarded and is kept securely in accordance with all relevant legislation. This includes:
- Data Protection Legislation. This includes the General Data Protection Regulation (EU) 2016/679 (GDPR),
- Data Protection Act (DPA) 2018, the Law Enforcement Directive (Directive (EU) 2016/680) (LED)
- Human Rights Act 1998,
- Health and Social Care Act 2012 as amended by the Health and Social Care (Safety and Quality) Act 2015,
- Privacy and Electronic Communications (EC Directive) Regulations.
- The Caldicott Principles revised 2013
YOUR DUTY OF CARE
- You are responsible for protecting the physical security of confidential information from accidental loss, damage, destruction, unauthorised access or accidental disclosure.
- You must return to South Central Ambulance Service NHS Trust upon request (and in any event upon the termination of your employment/engagement), all documents and tangible items which belong to the Organisation or which contain or refer to any confidential information and which are in your possession or under your control.
- You must not remove or copy any documents or tangible items including software which belong to South Central Ambulance Service NHS Trust or which contain any confidential information from the Organisation’s premises at any time without proper advanced authorisation
- Do not leave confidential information lying around unattended or place paper containing confidential information in the bin. It must be shredded or put in a ‘confidential waste’ container
- You must always wear your identification badge when on South Central Ambulance Service NHS Trust or partner premises and ensure that any visitor’s wear identification badges accordingly. Challenge unknown persons on Organisation premises
- Lock away any confidential information and lock offices when unoccupied
- Do not remove confidential data (held manually or electronically) from South Central Ambulance Service NHS Trust sites without the express permission of your Manager/Head of Service/Director. If this is required as part of your job then you are responsible for following the guidelines for storing and transporting confidential information as set out in the Information Security Policy/Information Governance Staff Handbook
- Be especially careful with the security of portable computers, i.e. hand held devices and laptops and follow the principles set out in the Information Security Policy/Information Governance Staff Handbook
- Take care when giving personal information over the phone – have you identified the person? Do they have a right to know? Can anybody else hear the conversation?
- Be careful when putting a telephone call on hold – what information might they hear?
- Don’t leave personal information on answer phones
- Envelopes containing confidential information must be securely sealed, labelled ‘confidential’ and clearly addressed to a known contact. Medical records or other sensitive information should be sent externally by Special Delivery or by approved courier. Please refer to the Information Security Policy or Data Custodian for more information
Computer & Electronic Security
- Keep your PC screen out of sight of others if personal information is showing and log out or lock your computer keyboard if you move away from your desk
- Never tell anyone your password or share passwords. Change your password regularly
- Do not email or fax patient identifiable information unless approved safeguards are used or there are exceptional circumstances. Consult your line manager if personal or confidential information has to be sent in this way and refer to the Information Security Policy for instructions.
- Ensure you store all information on a backed-up shared drive and not on the hard drive/desktop of your computer. Do not keep or process South Central Ambulance Service NHS Trust confidential/identifiable data on your home PC
- Under no circumstances should you put software on a South Central Ambulance Service NHS Trust PC without permission of the head of the IT department
- Under no circumstances should you connect non-South Central Ambulance Service NHS Trust supplied equipment to the South Central Ambulance Service NHS Trust network or computers – for example personal laptops, iPhones/mobile phones, iPods, iPads/tablet devices.
- The only memory sticks which are permitted for use are those provided by the IT procurement department, which are fully encrypted and meet South Central Ambulance Service NHS Trust security requirements.
- Due to confidentiality interims are required to use a secure NHS email account. This does not infer any employment rights’
- You are also required to:
- Report any security risks/incidents
- Always protect your data
- Ensure that you have accurate and correct information
- Don’t keep information longer than necessary – refer to your line manager
- Do not discuss confidential information with friends or family outside of South Central Ambulance Service NHS Trust or with colleagues in public places
- Read all related policies and guidance on confidentiality and information security
- Do not set up any databases or new information flows for personal data without discussing it with the Head of Corporate Governance
- If in any doubt – do not share information and seek advice before proceeding further.
- I confirm that I am fully aware that I have a legal duty of confidentiality to South Central Ambulance Service NHS Trust. I further confirm that I will not disclose any unauthorised information belonging to patients, South Central Ambulance Service NHS Trust’s staff or South Central Ambulance Service NHS Trust’s affairs and those of other associated organisations to any other party.
- I am aware that any breach of this undertaking is a serious matter that may lead to disciplinary action. South Central Ambulance Service NHS Trust may also instigate legal proceedings against an individual who does not comply with its confidentiality requirements.
- There may be occasions when staff have a duty to raise concerns over health service issues and the legal duty of confidence may be overridden, i.e. a statutory requirement or in the public interest. In all cases references must be made to your line manager or senior manager who will, if necessary take further advice, before any disclosure is made.
- Further information can be found in the relevant policies which I will read as soon as possible after commencing my employment/engagement
ACCEPTANCE By continuing in the application process and submitting your personal details you agree to the above declaration.