Croner, the employment law and HR specialists, provide advice for protecting patients’ data.
Since the introduction of the EU’s General Data Protection Regulation (GDPR), imposed in UK law by the Data Protection Act 2018, more focus has been cast on data protection within organisations. This has long been a core matter for dental practices due to the vast amount of patient data that is retained in order to provide a dentistry service. Now that fines for breaching data protection rules have greatly increased, practices are likely to be reviewing their internal procedures to ensure they are not falling foul of the law.
Taking steps to minimise data protection or confidentiality breaches will help prevent patient data being compromised, as employees understand their responsibilities and can carry out their role effectively, whilst meeting their data obligations.
Provide employee training
To ensure practices are not at risk of breaching their data protecting obligations, it is key that all members of staff receive appropriate training on data handling. This should include:
- how to collect patient data appropriately
- which methods are used to securely store patient data
- what to do in the event of a data breach.
To ensure there is clear transparency, and to provide guidance in the future, a data protection policy can be implemented which clearly outlines matters such as employee responsibilities, security and storage systems, monitoring of employees, and the consequences of a data protection breach.
Appoint a responsible person
In most practices, it will often be a sensible idea to allocate data protection responsibilities to one member of staff. Whilst this does not remove overall responsibility or liability away from the practice, it ensures that there is day-to-day monitoring of data protection compliance. Where monitoring creates an alert that there is a risk of a data breach, or a data breach has occurred, this can be actioned in a timely manner. Such experiences can also be used to train other employees or to provide guidance when necessary.
A key part of protecting patient data is ensuring employees are maintaining patient confidentiality. This is a core part of dentistry due to the sensitive nature of the data collected from patients. To explicitly outline the practice’s confidentiality rules, a confidentiality clause can be added to employees’ employment contracts or post-termination restrictive covenants, to confirm the restrictions over disclosing patient data.
An additional confidentiality policy can be created that outlines what information is covered, the restrictions on disclosing information and the consequences should confidentiality be breached. Providing training that covers common scenarios where confidentiality can be breached, such as online, through email or over the phone, will help employees understand their obligations and apply these in practice.
When you're a practice principal, your Dental Protection membership includes access to an expert employment law and health & safety helpline, provided by our trusted partners, Croner. Call 01455 639 076 and quote the membership number 60000 to speak to an advisor.
If you are a Dental Protection Xtra member you get full access to Croner-i Business Essentials. Email email@example.com and quote your Xtra membership number to register for an account.
Find out more about Dental Protection Xtra