Data Protection at the Confed – Simon Harris’ Blog
Alongside Simon Harris’ core role as Lead Business Analyst, he is the Data Protection Officer for Leeds GP Confederation. Below he shares what his role entails and his key tips to uphold data protection.
Key elements of my role as Data Protection Officer include:
- Monitoring and advising on the Confed’s compliance with internal and external Data Protection Laws and Policies.
- Providing practical advice on best practice regarding data security and sharing.
- Overseeing Data Protection Impact Assessments where data are shared and assessing the risks involved.
- Ensuring the nationally published Data Security Toolkit (DSP) is maintained and updated.
- Assisting with the investigation of potential or actual data breaches.
The Confed network and security infrastructure is largely managed by the GP IT Team within the Integrated Care Board (ICB) in Leeds. The Confed uses NHS Mail and benefits from the high level of security that this offers. Whilst technical policies and procedures are in place to prevent data security breaches, everyone still needs to consider their own approach to any data sharing before they do so.
Many breaches arise from an email being mistakenly sent to the wrong recipient. Whilst Auto-Complete can be useful, there can be people with similar names. Always double-check that the recipient is the intended contact and, if unsure, send a quick email just to confirm.
Another example is the use of the Blind Carbon Copy (Bcc) function. By default, the Bcc address box is not shown, so it needs to be selected and the email addresses entered into that specific box to hide them. Email addresses being visible is not necessarily a security breach; however, where we have staff who use a non-NHS Mail address, we make sure to Bcc them in emails. Only NHS Mail to NHS Mail is permitted if there is a requirement to share patient-level details, and this should only be used when absolutely essential.
Have a look at the below for best practice when sending emails to groups where the email addresses need to be concealed.