Frequently Asked Questions
Here are some of the questions received concerning Information Governance, and the responses.
Q. Do I need to get consent from patients before putting their details onto a National Register?
A. In some cases Yes. But the Ethic and Confidentiality Committee have granted exemption from Section 251 of the Health and Social Care Act 2008 for the following, which means patient consent is not required before putting PID onto these registers:National Audit of Cardiac Rehabilitation
National Diabetes Audit
Head and Neck Cancer
Mastectomy and Breast Reconstruction
Adult Cardiac Surgery
Cardiac Rhythm Management
Congenital Heart Disease
MINAP (Myocardial Infarction Audit Project)
Adult cardiac interventions.
An up to date list can be found on the NIGB website here :http://www.nigb.nhs.uk/s251/registerapp
Q. If the Trust archives documents, is there a directive that says HOW documents have to be archived, especially whether documents can be scanned and kept as electronically archives only, or if a physical version must be kept?
A. For Patient records there is IG029 Medical Records Repairing and Archiving Casenotes Procedure v1.0 that deals with archiving. There is a review taking place of the way records are scanned and the originals destroyed.
Q. I have a lot of old records and papers, I don't think I need to archive them can I just destroy them?
A. First check in the Retention Schedule to see how long you need to keep them and how you need to dispose of them. There are two Retention schedules, one for Corporate and one for Clinical data. They are under Policies and Procedures on this website.
Q. Is it safe to use my email@example.com email address to send patient details to the PCT?
A. No, it is only safe if you send from firstname.lastname@example.org to another address ending in bcf.nhs.uk, not even another Trust. To send patient details to anyone securely in an email or an attachment you need to do one of these:
a) anonymise the data, taking away any identifying information, or
b) use encryption software to effectively scramble the information so it is unreadable to hackers, or
c) Use an NHSMail email address and send it to another NHSMail address. That will automatically be encrypted.