All users must accept the agreement which comes with this guidance. Employees may use the [% settings.app_abbr %] data system only if they are issued with an authorised password. Unauthorised sharing of passwords is prohibited. The system administrator maintains a list of authorised users, and all login attempts, successful and otherwise are recorded.
The Leeds Hospitals Trust is registered under the Data Protection Act to use the information for the health care of individuals and for administration only. Employees must not disclose information to organisations or individuals for any other reason.
The medical data of patients must only be disclosed for the purposes of health care or administration. The consent of the patient is required for anything else. Consent is required for research.
Check the identity of the enquirer and make sure the person is entitled to the information. Enquiries from outside the Trust, such as from relatives or from other organisations, need particular attention.
Employees are unlikely to be criticised for refusing to disclose information when there is a genuine doubt. On the other hand a hasty, illegal disclosure could result in disciplinary action.
If you are unsure about whether to disclose information then seek advice. Ask your line manager or contact the system administrator. A good rule of thumb is to disclose information on a 'need to know' basis only.
If you have access to the Internet, you should have already signed an Internet Access Agreement with your local hospital. Restrictions on how you may use data applies equally to electronic data and to printed data. Sending computerised or printed health records without consent to some countries outside Europe contravenes Data Protection law.
It is the duty of all staff handling computerised patient data to protect it. Security measures such as keeping the office locked and not leaving screens switched on and unattended must be employed. Unintentional disclosures would still be a breach of the Data Protection Act. Superfluous computer printouts of personal medical data must be destroyed and not used as scribbling pads.
Further information or advice on Data Protection matters can be obtained by contacting the Trust's Data Protection Officer on 0113 392 6936. IT Security matters will be dealt with by the IT Help Desk on 0113 392 6655.