How do we keep your personal information safe and secure?
To protect personal and special category information we ensure the information we hold is kept in secure locations and restrict access to information to authorised personnel only. Our appropriate technical and security measures include:
- annual staff training
- robust policies and procedures e.g. password protection
- technical security measures to prevent unauthorised access
- complying with Data Protection Legislation
- encrypting information transmitted between partners
- implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
- completing the NHS Data Security and Protection (DSP) Toolkit, introduced in the National Data Guardian review of data security, consent and objections, and adhering to robust information governance management and accountability arrangements
- use of ‘user access authentication’ mechanisms to ensure that all instances of access to any Personal Data under the Kent Medway Care Record (KM Care Record) system are auditable against an individual; i.e. role-based access and smartcard use to ensure appropriate and authorised access
- ensuring that all employees and contractors who are involved in the processing of Personal Data are suitably trained, on an annual basis, in maintaining the privacy and security of the Personal Data and are under contractual or statutory obligations of confidentiality concerning the Personal Data
- regular audit of practices to ensure adherence to these criteria
The NHS Digital Code of Practice on Confidential Information applies to all staff who access the KM Care Record. They are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
All staff with access to Personal Data are trained to ensure information is kept confidential.