Jr docs need IG training – ICO

  • 19 March 2014
Jr docs need IG training – ICO
The Information Commissioner’s Office will not take regulatory action over NHS Digital/

NHS organisations are confused about how to ensure junior doctors get data protection training, a report from the Information Commissioner’s Office has found.

The report summarises key findings from 19 audits carried out by the ICO  and looks at how NHS trusts comply with the Data Protection Act.

Although some of the trusts audited demonstrated “good practice” in ensuring all staff have mandatory information governance training, the report says that all 19 NHS organisations were confused over “how to best ensure that junior doctors and medical students completed relevant data protection training.”

Sally-Anne Poole, ICO enforcement group manager said: “if organisations are employing temporary or agency workers into positions that involve the handling [and sending out] of personal information then they must make sure these staff have received adequate data protection training.”

The audit also found that although all the organisations had a system in place to track health records, some did not conduct audits for missing files.

It also raised concerns around unlocked trollies full of patient records being found at several trusts.

“In relation to the security of health records we found disparity in how each organisation protected health records while in records libraries and during transport to wards and outpatient clinics,” says the report.

“We observed files being moved around trusts in trollies; some trusts requested that a member of staff collected the trolley while others delivered the trollies direct to the clinic. The common area of concern was that the majority of these trollies were not locked.”

ICO team manager in the ‘good practice team’, Claire Chadwick, said that a person’s health information is one of the most sensitive types of data, and must be handled accordingly.
 
“Our experiences in these audits suggested that tended to be the case. Only one of the audits suggested a substantial risk of non-compliance with the law, while more than half gave reasonable assurance the law was being complied with,” she said.

“This report is an opportunity to review and improve practices and procedures based on our experiences.”

The audit also found concerns around the use of fax machines for sending personal information, but says that all organisations had appropriate information governance related risk registers.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
ICO guidance on transparency published for health and care sector

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.
ICO reprimands NHS Lanarkshire for sharing patient data via WhatsApp

ICO reprimands NHS Lanarkshire for sharing patient data via WhatsApp

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire following the use of WhatsApp by staff to share patient data.