Information and I.T. Security Toolkit for GMPs Physical and Environmental Security

Toolkit 7 – Physical and Environmental Security
Task / Template(s)/documents provided / Completed (& Date) / Comments
7.1 / Visitor Control
Visitor Control is Documented
To Include:
  • Clear signage of patient/non-patient areas

  • All patients are aware of how to check in on arrival

  • All non-patient visitors are booked in, accompanied/supervised during their time on site, and booked out on departure.

  • All contractors are made aware of any Health & Safety Regulations and the practice’s code of conduct

  • All maintenance work is verified and signed-off before contractor leaves the practice

  • All practice staff are aware of the requirement to follow the Visitor Control Policy
/ Visitor Control Guidance
7.2 / Physical Siting and the Patient Area
Areas containing servers and critical comms equipment (Switches, hubs, firewalls & routers) are controlled with strong physical security measures, e.g. use of combination locks on server rooms.
Ensure all computer equipment is sited to avoid hazard to staff and patients / Health & Safety at Work Act
HSE Website -

Display screens in patient area are not visible to patients or other members of the public
NHS Wales Informatics Service / Issue D / Date Created: 06/09/2007 / Page 1 of 1

7.3 / Mobile Computing
A mobile computing policy is in place / Reference: Supplementary Policies, Toolkit Folder / If mobile computing involves removal of PII off site then the Risk Assessment Form (Working with Person/Patient Identifiable Information (PII) off site) must also be completed.
Relevant staff are aware of the policy
Mobile computing procedures are in place, to include:
  • Staff are aware that equipment taken off the Practice premises should not be left unattended in public places and should be stored securely

  • Portable computers to be carried as hand luggage, kept in sight at all times and when transported by car kept in a locked boot and removed when car is unattended

  • Portable equipment is protected in accordance with the manufacturer's instructions

  • Adequate security is in place for use of wireless devices (e.g. laptops), for example, encryption or strong authentication

  • Regular audits are undertaken of the mobile equipment to ensure everything is accounted for

7.4 / Off Site Working
A documented risk assessment template is available for use to determine if Off Site Working can be undertaken / Risk Assessment Form (Working with Person/Patient Identifiable Information (PII) off site)


Visitor Control Guidance

Patients:

  • All patients should report to reception on arrival
  • Patients should not enter designated non-patient areas
  • Non-patient areas should be clearly signposted, and protected by physical security measures (for example key-codes on doors)

Non-patient Visitors:

  • All non-patient visitors should be booked in on arrival and booked out on departure (for example using a visitor sign-in book)
  • The identity of all non-patient visitors should be verified by ID and/or existence of an appointment
  • All non-patient visitors should be accompanied by a member of staff whilst on-site

Contractor/Maintenance Visitors:

  • All contractors should be booked in on arrival and booked out on departure (for example using a visitor sign-in book)
  • The identity of all contractors should be verified by ID and the existence of an appointment
  • All contractors should be made aware of any Health & Safety Regulations and the practice’s Code of Conduct
  • All maintenance work must be verified and signed off prior to the contractor leaving the practice

Guidance for the storage, transmission and transportation of Patient / person identifiable information (PII) for General Medical Practices V2

Note: Adaptation of “LHB Procedures for the removal, transportation and off site storage of patient or person identifiable information” (Produced by BSC/Gwynedd LHB)

Contents

1 Introduction
2 Background
3 Removal of patient/personal information (from the practice)
4 Transportation of Patient/Person Identifiable information
5 Taking information home
6 Computer Security
Appendix 1 - Risk Assessment Form
Appendix 2 - Authorisation Form

1 Introduction

1.1 There are inherent risks associated with the requirement to take patient or person identifiable information away from the practice. This document has been developed with the aim of providing guidance for General Medical Practices.

1.2 This document aims to raise awareness amongst practice staff (clinicians and administration), ensuring they do not breach the requirements of the Data Protection Act 1998 or the Caldicott Report guidance. There is existing good practice that needs to be adhered to including the International Standard for Information Security (ISO2700), the Information Security Management System (ISMS) and Health Board guidance. Additional guidance on protecting information is also available from the General Medical Committee website.

1.3 Patient or person identifiable information is information that can identify any individual by name, number or a combination of items (staff records would also be included under this definition), and exists in paper or electronic form.

1.4 Any information which can identify an individual must only be removed from the practice if there is a justified purpose for doing so.

1.5 If there are any issues regarding these procedures they should be immediately discussed with the IM&T Security Officer, Practice Manager or the Caldicott Guardian.

2 Background

ISO27001 ‘Information can be vulnerable to unauthorised access, misuse or corruption during physical transport’

2.1 The Information Commissioner's Office states that “personal information, which is stored, transmitted or processed in information, communication and infrastructures should also be managed and protected in accordance with the organisation’s security policy and using best practice methodologies such as ISO27001”. Therefore, every effort must be made to safeguard this information for the protection of the data subject, the individual and for the practice itself.

2.2 These procedures aim to highlight and suggest ways of improving the security and confidentiality of transporting sensitive information, regardless of the medium, to prevent data loss.

3 Removal of patient/personal information (from the practice)

3.1 If a member of staff (including clinicians & administration staff) is required to take patient or person identifiable information off site as part of their role, the practice Caldicott Guardian must be informed along with the IM&T Security Officer/Practice Manager. A Risk Assessment Form (appendix 1) must be completed by the member of staff in conjunction with the IM&T Security Officer/Practice Manager.

3.2 An assessment of the risks involved will then be carried out and recommendations may be made to the member of staff if appropriate.

3.3 Once the member of staff & IM&T Security Officer/Practice Manager are satisfied that the procedures are workable and will comply with current policy, an Authorisation Form (appendix 2) will be signed and approved by the practice Caldicott Guardian. A copy will be kept by the IM&T Security Officer/Practice Manager and a copy given to the member of staff.

3.4 If, as part of the role, a member of staff is regularly required to remove patient or person identifiable information, they must state this on the Risk Assessment Form (Appendix 1 - Question 3) and the authorisation will continue until such time as the termination of the current post or a change in role. However this will be subject to regular review by the Caldicott Guardian.

3.5 If the need to take patient or person identifiable information away from the practice is for an isolated reason, this should be stated on the Risk Assessment Form (Appendix 1 – Question 2). If at any time in the future the need arises again, the same process will need to be repeated.

4 Transportation of Patient/Person Identifiable information

4.1 Any paper, including medical records taken off site must be logged. The log should contain the date, details of information, reason for removal, where the information is being taken and estimated date of return. This is essential to ensure appropriate audit measures are in place and records can be traced at all times.

4.2 When transferring information electronically, the transfer must be on a need-to-know basis and only the relevant files should be copied. It is easy to inadvertently copy entire folders, particularly when synchronising with portable devices including laptops, PDAs or USB storage devices.

4.3 All records must always be transported in a secure way by the use of locked boxes or locked briefcases, and should be kept with the member of staff at all times.

4.4 All records, including medical records transported within a vehicle should not be visible to the general public. All equipment that records any confidential information should be carried in a locked container and locked in the boot of the vehicle. This also applies to portable devices including laptops, PDAs and USB storage devices.

4.5 Patient or person identifiable information must not be stored on portable devices, such as a CD, floppy disk, USB storage device or laptop, unless it is absolutely essential. If it is deemed to be essential, then the device must be approved by the practice and must be encrypted.

4.6 When transporting more than one record, only the relevant record should be taken into patient’s home/nursing home etc. All other records must be left in a locked container in the locked boot of the vehicle. All due care must be taken to ensure that the record remains complete at all times and is returned in its entirety when no longer required.

4.7 Paper, including medical records, should be returned when no longer needed. Their return should be logged, signed and dated by the member of staff. When summaries are provided to carry out ‘house’ calls, these should be handed back into the practice to update the computer record and the paper summary should be shredded.

4.8 Personal items such as diaries may contain confidential information that may include details of home visits. Staff members are reminded to carry these securely at all times and should not include information that may identify a patient.

4.9 The BSC courier service must be used to internally transport both live and deceased patient paper records routinely requested by the BSC.

4.10 Copies of paper health records being sent outside the remit of the BSC courier service must be sent via special delivery.

4.11 The ‘Government Mail - Regional Plus’ service must be used to transport any portable media containing Patient Identifiable Information such as memory sticks, CDs and DVDs. Additionally the media must be encrypted and approved by the practice.

5 Taking information home

5.1 It should be noted that any applicable practice IM&T Security Policies and procedures will apply wherever the information is located, and should be adhered to at all times.

5.2 Staff must not take medical records or any confidential information home overnight.

5.3 If a staff member is required to take confidential information home for the day, a locked container and all other items containing confidential information, including laptops, files and PDAs, should be locked away in the home and not left in the car overnight.

5.4 Staff must ensure that the information is not accessible by any other members of the household (including family, friends, and neighbours) even if these people are employees of the same organisation.

5.5 Under no circumstances should any family member be allowed to access a laptop owned by the Practice. This will reduce the risk of accidental incidents including the loading of illegal software, inappropriate internet access or viewing of confidential, restricted information.

5.6 Information must not be emailed to, or recorded on, any home PC as there are numerous issues regarding IT security. If an employee needs to work at home they should always be provided with the relevant equipment (including secure remote access tokens if connecting to the network) and access permissions as agreed by the Practice.

5.7 PDAs and laptops should be connected to the network at least once a week to enable synchronisation and updating, so that all information recorded is updated to the main Practice network.

6 Computer Security

6.1 The requirements for securing patient, person identifiable or business sensitive information in computer systems are detailed in the Practice IM&T Security Policy, within ISMS.

Appendix 1: Risk Assessment Form

(Working with Person/Patient Identifiable Information (PII) off site)

About you
Full Name
Post Title
Identifiable Information Type (Tick) / Patient / Personal
Please tick ONLY the white boxes below that apply / Tick / Risk
1. Have you signed a Staff Confidentiality & Security Agreement? / Low
2. Does your role require you to take patient or personal identifiable information off site on a: ‘One off Basis’ / Med
3. Does your role require you to take patient or personal identifiable information off site on a: ‘Regular Basis’ / High
About the PII
4. Original paper documents/records are being used / High
5. Copies of documents/records are being used / Med
6. Files will be copied onto a Laptop/ PC with up-to-date Antivirus, Internet Security, firewall and password protected / Low
7. Files will be password protected on Floppy/CD/DVD disc/USB stick / Med
8. PII will be sent by Email outside of NHS net (Wales) / High
9. The Caldicott Guardian has signed off the process / Low
10. The minimum and relevant information is being taken offsite / Low
About transporting the Person Identifiable Information
11. You have a locked container to carry the records/media in / Med
About your Home-working arrangements
12. You have a lockable secure location for overnight storage / Low
13. You have no other members in your household / Low
14. You have other adults in your household / High
15. You have children in your household / High
16. In a discrete room with restricted access to others / Low
17. You will be producing documents containing PII / Med
18. If a laptop is to be used between home and the Practice, it is encrypted to the level agreed by the Health Board. / Low
19. You will be working on a secure home PC/laptop only you can access / High
20. You will be working on an unsecured home PC/laptop / High
21. If a wireless broadband connection is to be used, it is encrypted and password protected to prevent use by others who may be able to access the broadband / Med

Appendix 2: Authorisation Form

Part 2 – Authorisation Form
Practice
Member of Staff
Post Title
IM&T Security Officer/Practice Manager:
I have undertaken a risk assessment with the above member of staff and can confirm that the Practice has taken the necessary action to ensure that the member of staff is able to adhere to the procedures for the transportation and off site storage of Patient or Person Identifiable Information:-
Signature:
Date:
Member of Staff:
I have read and agree to abide by the procedures for the transportation and off site storage of Patient or Person Identifiable Information:-
Signature:
Date:
Caldicott Guardian & IM&T Security Officer/Practice Manager:
I can confirm that it is necessary for the above member of staff to remove the information as outlined in Part 1 – Request Form and hereby grant authorisation:-
Signature:
Date:
NHS Wales Informatics Service / Issue C / Date Created: 06/09/2007 / Page 1 of 11