There is a need to ensure that all transfers of personal and sensitive information (correspondence, faxes, email, telephone messages, transfer of patient records and other communications containing personal or sensitive information) are conducted in a secure and confidential manner. This is to ensure that information is not disclosed inappropriately, either by accident or design, whilst it is being transferred or communicated to, within or outside of the organisation.
All areas from which personal and sensitive information is transferred and received have been identified. A procedure is in place to ensure security and confidentiality is maintained.
There is a documented procedure for the secure transfer and receipt of personal and sensitive information.
The procedure has been approved by senior management
All staff members have been informed about the procedure on secure transfer and receipt of personal and sensitive information and of the need to comply with it.
The procedure has been made accessible to staff in an appropriate location.
All staff members have been informed of the procedure and in particular of their own responsibilities for compliance.
All new staff, temporary and contract staff members are made aware of the procedure and in particular of their own responsibilities for compliance.
Staff compliance with the procedure is monitored. The procedure is reviewed and evaluated on at least an annual basis.
Providing staff with guidance materials and briefings does not provide sufficient assurance that the guidance has been understood and is being followed, therefore compliance spot checks and routine monitoring are conducted.
Latest Information Governance Review meeting