Other Controls
In addition to the consent model controls, healthcare staff have a number of personal and professional obligations to maintain confidentiality and only view the records of those patients whose treatment they are directly involved in. For example:
- Contract with their place of work - includes privacy and confidentiality clauses
- Professional codes of conduct - professional accountability to regulatory bodies which govern the clinical codes of conduct under which members of the clinical professions should operate, e.g. Royal College of Nursing, Royal College of Emergency Medicine.
- NHS Care Record Guarantee - sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It covers people's access to their own records; controls on others' access; how access will be monitored; options people have to further limit access; access in an emergency; and what happens when someone cannot make decisions for themselves. Everyone who works for the NHS (or for organisations delivering services under contract to the NHS) has to comply with this guarantee, which was first published in 2005 and is regularly reviewed by the National Information Governance Board to ensure it remains clear and continues to reflect the law and best practice. It was last reviewed in 2009.
- NHS Codes of Practice and legal obligations - includes codes of practice covering confidentiality, information management and records management; legal obligations, including the Data Protection Act and Computer Misuse Act, and professional codes of conduct for NHS employees.
Taken together, these controls aim to ensure that no records are accessed inappropriately. Other controls, such as Legitimate Relationships and Permission to View, aim to ensure that if records are accessed inappropriately, the accesses are traceable and the necessary steps can be taken to address any confidentiality breaches.
Information Governance (IG) controls for accessing Summary Care Records (SCRs) should also be seen in the context of the controls currently in place for paper records in a care setting. The same rules apply to SCRs as currently apply to paper records, with an added layer of security from asking for Permission to View and from the available auditing controls, such as alerts. Responsibility for the governance of the controls and local codes of conduct lies with the local IG teams, led by the Caldicott Guardian and Senior Information Risk Owner (SIRO), through training and awareness.


