Information management and technology security policy

The medical information we hold are protected by major acts of parliament that govern the use of information in the practice.

The Data Protection Act 1998

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
We make sure that personal information is:

  • Fairly and lawfully processed.
  • Processed for limited purposes.
  • Adequate, relevant and not excessive.
  • Accurate and up to date.
  • Not kept for longer than is necessary.
  • Processed in line with your rights.
  • Secure.

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

The Computer Misuse Act 1990

The Computer Misuse Act 1990 is designed to protect computer systems and software from unauthorised access and/or modification. It makes it an offence to gain access to or modify data without authority.

The Freedom of Information Act 2000

The Freedom of Information Act 2000 gives individuals the right to be told whether information is held by a public authority,and a right to have that information supplied on request subject to certain exemptions.

Caldicott Principles

The data held by your doctor complies with Caldicott principles. Use of confidential patient information should have:

  • Have a justifed purpose.
  • Not be used unless absolutely necessary.
  • Use only minimum necessary person identifiable information.
  • Others who need access will only be shown the necessary information on a strict need-to-know basis.
  • All users of the information understand and comply with the law.



Comments are closed.