Keep a close watch on patient data
6th October, 2015
Dental practices are being urged to ensure their patient data and information security systems are up to scratch after a series of visits by the Information Commissioner's Office.
The Information Commissioners Office (ICO) visited 21 dental practices between June 2014 and June 2015 and has published a report of its findings.
What did the report say?
In summary, it found that:
- Individual named dentists are not always registering with the ICO when they should, mistakenly thinking that the practice registration is sufficient. Various scenarios are identified when individual dentists are likely to be “data controllers” who need to register with the ICO separately from the practice. For example, if a dentist keeps their patient list separately from the practice in which they treat patients, they might be a data controller.
- Although information security in most of the practices visited was “fairly good”, there were some areas where dentists “struggled”. For example, it was found that arrangements with third parties (such as IT contractors) were not sufficiently robust from an information security perspective. There was also evidence that “some of the risks of new technologies, such as working on mobile and personal devices, are not being appropriately controlled”.
- Retention periods for records were not always clear. The ICO recommends that practices (and individual dentists where applicable) have policies which clearly set out when records, both physical and electronic, should be destroyed. The ICO has published guidance on deleting personal data.
The full report has been published on the ICO website.
What does this mean for me?
Information security is important for dental practices, particularly bearing in mind the potentially sensitive nature of patient information.
With the recent ICO visits in mind, practices should look again at their arrangements to check that they are in line with relevant regulations.
How can I find out more?
For further information on how this may affect your practice, please get in touch.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.
This page may contain links that direct you to third party websites. We have no control over and are not responsible for the content, use by you or availability of those third party websites, for any products or services you buy through those sites or for the treatment of any personal information you provide to the third party.