Privacy Policy for Awaken Clinic

Policy Statement

For this policy, confidentiality relates to the sharing of personal, sensitive or identifiable information about individuals or organizations (confidential information), which comes into the possession of the organisation through its work.

Awaken Clinic is committed to providing a confidential service to its users. No information given to Awaken Clinic will be shared with any other organization or individual without the user’s explicit consent.

Awaken Clinic holds personal data about its staff, users, members etc. which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the organisation without prior permission.

All personal data will be dealt with sensitively and in the strictest confidence internally and externally.

Purpose

The purpose of the Confidentiality Policy is to ensure that all staff, members and users understand the organization’s requirements in relation to the disclosure of personal data and confidential information.

Principles

• All personal paper-based and electronic data must be stored in accordance with the GDPR 2018 and must be secured against unauthorized access, accidental disclosure, loss or destruction.
• All personal paper-based and electronic data must only be accessible to those individuals authorized to have access.
• Awaken Clinic is committed to effective audit of the use of and quality of its services to monitor performance. All audit records shared with third parties, such as to support staff appraisal or monitoring reports for regulators shall be produced in anonymous form, so individuals cannot be recognised.

Protecting Confidentiality in Discussions

It is not acceptable for staff to:

• Discuss matters related to the people in their care outside the clinical setting
• Discuss a case with colleagues in public where they may be overheard
• Discuss one patient with another without explicit and written consent.
• Consultations must not be undertaken where privacy and confidentiality cannot be assured.

Protecting Confidentiality Using the Telephone

• If telephone conversations to patients or potential patients are conducted in areas where they may be overheard, such as in reception or waiting areas, staff will not verbalize any identifiable confidential information, such as names, addresses or telephone numbers.
• Answer phone messages must not be played back aloud, where they can be overheard.
• Messages, if confidentiality may be breached, must not be left on answer phones without the express permission of the patient.

Protecting confidentiality Using Computers/ internet

• Computer screens should not be visible to members of the public
• Access to data held on a computer must be password protected with access restricted to personnel with permissions
• Confidential patient information should not be shared by email without encryption

Protecting Confidentiality patient records (see policy- medical records)

Protecting confidentiality using social media or mobile devices

• Practitioners/employees will avoid using mobile devices to communicate with patients where confidential sensitive information might be disclosed.
• Respect all communication by text or messenger apps as part of the medical record.
• Practitioners will not store or retain patient information on mobile devices.
• Where mobile devices are used, devices must be password protected and stored securely.
• All confidential information must be stored securely on a cloud (not on the device itself) and encrypted.
• Explicit and written consent must be obtained for sharing any patient information, including photographs, on social media.

Records

All hard copy records are kept in locked filing cabinets. All digital records are maintained securely in compliance with GDPR 2018. All hard copy information relating to service users will be kept securely. This includes notebooks, copies of correspondence and any other sources of information.

Breaches of Confidentiality

Awaken Clinic recognizes that occasions may arise where individual workers feel they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. police or social services on a need to know basis.

Legislative Framework

Awaken Clinic will monitor this policy to ensure it meets statutory and legal requirements including the GDPR 2018. Training on the policy will include these aspects.

Ensuring the Effectiveness of the Policy

All staff members will receive a copy of the confidentiality policy, and associated guidance notes. Existing and new workers will be introduced to the confidentiality policy via induction and training. The policy will be reviewed annually, and amendments will be proposed and agreed by the Stephanie France. Staff members are required and supported to develop and maintain an understanding of information governance appropriate to their role.

Non-Adherence

Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.