Data Protection and Confidentiality

Question 1

What is GDPR?

Answer 1

General Data Protection Regulation
-> Data is processed lawfully and within the rights of the individual.

Question 2

What is a ‘Data Subject’?

Answer 2

A person.
-> Has to still be confidential for those who have passed away

Question 3

Give some examples of data processing.

Answer 3

• Collecting
• Recording
• Organising

Question 4

What is a ‘Data Controller’?

Answer 4

Someone with the responsibility for processing information.

Question 5

What is personal information?

Answer 5

Any information which could be used to identify a person.

Question 6

True or False: When recording patient information, you can collect whatever data you want.

Answer 6

False. You should only retain a minimal amount of data needed.

Question 7

What is special category data?

Answer 7

Personal information which is sensitive.

Question 8

Give an example of special category data.

Answer 8

Heath data.

Question 9

True or False: Special category data cannot be processed.

Answer 9

False. It can be processed if one of the following apply:
- Patient has given consent
- It is necessary for the purpose of healthcare or treatment

Question 10

True or False: The processing of special category data must only be done by a professional.

Answer 10

False. Anyone can do the processing but it has to be under the responsibility of the professional.

Question 11

If a patient would like access to their information, how long have you got to provide them it?

Answer 11

1 month

Question 12

What are 3 ways when we may have disclosure of confidential information?

Answer 12

• Patient agrees
• Law requires it
• It is in the public interest

Question 13

When disclosing confidential information, should the receiver of the data be made aware that the data is confidential?

Answer 13

Yes

Question 14

True or False: You need to make records when disclosing confidential information.

Answer 14

True
-> Legal protection

Question 15

Which people can ask for information without consent of the patient?

Answer 15

• Police
• Healthcare regulator
• NHS counter-fraud investigation officer
• Coroner, judge, relevant court
  -> MUST ask questions (e.g. proof) to make sure that they aren’t pretending to be someone else.

Question 16

What are some reasons why information may be requested for the public’s interest?

Answer 16

To prevent:
- a serious crime
- serious harm to patient or third party
- serious risk to public health

Question 17

What should you do if information has been breached?

Answer 17

It should be reported to the Information Commissioner’s Office (ICO) within 72 hours.