Organisations should ensure that access to confidential personal information is monitored and audited locally and in particular ensure that there are agreed procedures for investigating confidentiality events.
There are documented confidentiality audit procedures in place that include the assignment of responsibility for monitoring and auditing access to confidential personal information. The procedures have been approved by senior management or a committee and have been made available throughout the organisation.
Responsibility for documenting confidentiality audit procedures that cover monitoring and auditing access to confidential personal information has been assigned to an individual or group.
There are documented confidentiality audit procedures that clearly set out responsibilities for monitoring and auditing access to confidential personal information.
The procedures have been approved by senior management, an appropriate committee or other established local governance process and have been made available throughout the organisation.
All staff members with the potential to access confidential personal information have been made aware of the procedures. The procedures have been implemented and appropriate action is taken where confidentiality processes have been breached.
All staff members with the potential to access confidential personal information have been informed that monitoring and auditing of access is being carried out, of the need for compliance with confidentiality and security procedures and the sanctions for failure to comply. Staff might be informed through team meetings, awareness sessions, staff briefing materials, or staff may be provided with their own copy of the procedures.
The procedures have been effectively implemented and appropriate action is taken where confidentiality processes have been breached or where a near-miss has occurred. Staff compliance is therefore monitored, and case reviews are held if confidentiality processes have been breached or if there has been a near-miss incident.
Latest Information Governance Review meeting
No breaches or near misses have been recorded
Access to confidential personal information is subject to regular review and, where necessary, measures are put in place to reduce or eliminate frequently encountered confidentiality events.
Latest Information Governance Review meeting
All systems holding confidential personal information have audit trails that detail everyone who has accessed a record.
Logging configurations are publicly available