As a doctor you have an ethical, legal and contractual duty to protect patient confidentiality.
- Under data protection law, those responsible for patient data are legally obliged to store it securely and protect it from unauthorized or unlawful processing.
- The General Medical Council (GMC) guidance on confidentiality states that “you must make sure any personal information about patients that you hold or control is effectively protected at all times against improper access, disclosure or loss”.
You must make sure that identifiable patient data is not improperly disclosed in any circumstances. An inadvertent breach of patient confidentiality could result in you facing patient complaints or even a trust disciplinary or GMC investigation.
StegoTime provides an excellent, simple, flexible solution to protect your patient data, while it is stored on your computer, local server, or cloud; or while it is exchanged across the Internet. Simpley, use Stegotime to hide the patient data in an image of your choice (e.g., your patient photo), authroize your patient or any other person who is legally authroized to access this data, and store it or send it to them by email. You can be sure that no one can disclose the data except you, your paient, and those whom you authroized.
Communicating via Mobile Apps
NHS guidance for doctors using mobile apps which lack proper security features – such as WhatsApp – advises that “it should never be used for the sending of information in the professional healthcare environment.”
The guidance warns that, as a consumer service, WhatsApp “does not have a service level agreement (SLA) with users and has no relevant data security certification” and, as such, should not be used to send patient information or details of clinical cases to colleagues.
Data Storage on Portable Devices
When used with care, portable storage devices are a valuable and convenient way to store and transfer data.
However, since mobile devices are particularly vulnerable to loss or theft, security and best practice should be your first priority.
- Avoid storing identifiable personal data on personal mobile devices, such as memory sticks, laptops or personal mobile phones, which risk being misplaced or accessed by other people.
- Familiarise yourself with your trust's information security policy and the name of the person in charge of data security. Always follow trust procedures on the use of mobile devices, laptops and portable data storage.
- If you are worried about whether you should use a portable storage device at work, talk to your trust information officer for advice. Encryption and password protection of data held on mobile devices would be considered to be standard practice.
- Make sure you only transfer or store information in line with your trust's information security policies, and take care not to mix professional and personal data. There can be particular dangers where doctors use the same devices for both professional and personal use.
- Follow relevant GMC and NHS guidance and get to know your legal requirements under data protection law.
- If you lose any data, report the incident to the nominated senior person in your organisation immediately. They can then take appropriate action and inform patients, if necessary.