Privacy
notices - Summary Care Record Additional Information
In
yesterday’s bulletin, there was an update which outlined the temporary changes
being made to the Summary Care Record (SCR) to make the Additional Information
available to authorised health and care professionals. The Additional
Information will be made available unless a patient has opted out, which they
can continue to do in the usual way. In relation to this change, practices will
need to provide patients with a supplementary privacy notice to cover these SCR
changes. You will be aware from our bulletin of 14 April that NHSX has
developed a privacy notice for use during the COVID-19 outbreak which outlines
key changes in the way patient data may be used. For clarity practices should:
- Retain their existing (pre-COVID-19) Privacy Notices.
- Personalise and publish the NHSX template COVID-19 privacy notice
- Publish the link to the SCR COVID-19 supplementary privacy notice
If you have any questions about the Privacy Notices
please contact the DPO.
Keeping
our practices and IT safe
As part of
our CYBER programme, it is important that staff continue to help us protect our
digital footprint in Gloucestershire, especially with home and remote working
during this pandemic. Please follow these simple steps, which are important to
protect patient data, keep services running and create a safe culture of good
cyber practices:
Restart
your PC each day and apply security updates
Without
having the latest security updates, we are leaving our devices open to attack.
Restarting your devices each day and applying security updates will keep the
door shut and locked.
Weak
passwords risk breaches in patient confidentiality
Passwords are
the best form of defence that we have to prevent unauthorised access, so make
sure you keep them private and out of sight of others. The longer and more
complex your password, the more difficult it is to crack.
If an
email looks untrustworthy, forward it to spamreports@nhs.net
Phishing
happens when hackers and criminals send unsolicited emails that contain
attachments or links to try and trick people into providing access to
information such as patient data, health care records or details of IT systems.
If an email looks untrustworthy (look out for typos, links and unofficial
email addresses), forward it to spamreports@nhs.net and delete it.
Challenge
before giving out information or giving new people access to secure areas
Social
engineering involves criminals using tricks or deception to manipulate people
into giving access to information such as patient data, health care records or
details of IT systems. A social engineer might call and pretend to be a fellow
employee or pose as a “friend” on social media channels. Challenge everyone who
is unauthorised before giving out information or giving them access to secure
areas.
Total
Triage/eConsult - Devon peer support meeting for GPs
Dr
John McCormick (a GP who led the implementation of eConsult throughout Devon)
is holding peer support group meetings via Microsoft Teams for GPs going
through the implementation of Total Triage using eConsult, to help lead change
based on his experience on the Devon accelerator project. The meetings will
take place on Tuesdays from 12pm – 1pm for the next 2 weeks, starting 5th May.
The agenda will be fluid, sharing lessons learned and issues people want to discuss.
Please email scwcsu.glosdt@nhs.net to receive an invitation.