2.1.2: Confidentiality in all px care

Question 1

What is GDPR?

Answer 1

DPA 2018 implemented GDPR
Increased responsibility to demonstrate compliance and accountability
Increased penalities

Question 2

What is Data Protection Act (1998)?

Answer 2

controls how personal info is used by an organisation, business or government

Question 3

What does the person have the right to in regards to DPA?

Answer 3

Data is accurate
Data is used for specific purposes which should be disclosed to them
Data is used fairly, lawfully and transparently

Question 4

How long can data be kept?

Answer 4

HES- 10 years
General - 8years
Children & young people until px’s 25th bday or 8 years after their death
Clinical trial records - 15 years

Question 5

Who can access the patient’s data?

Answer 5

The patient
Applicant acting on px’s behalf: child’s parent/guardian, someone authorised in writing by px, person appointmend by court

Question 6

What are the 7 principle of GDPR 2018?

Answer 6

• Lawfulness, fairness & transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Accountability
• Integrit & confidentiality (security)

Question 7

What does the store do to meet GDPR?

Answer 7

Not leaving px records open
Password protected screens
Logging off

Question 8

When can GDPR be broken?

Answer 8

When px is at risk of harm - e.g. not reaching driving standard - don’t want to break it, work with px
Safeguarding issues - know who to speak to in practice
Criminal investigations