Justify the purpose:
Sharing of personal confidential data others should be clearly defined, scrutinised and documented, with regular reviews by designated person .
Only share data where absolutely necessary:
Confidential data should only be included when it is relevant and essential for the specific purpose of helping that individual. If possible one should try to hide the identity of the individual.
Limit personal confidential data:
Where disclosing personal confidential data is deemed necessary, the inclusion of each item of data should be considered and justified thereby ensuring that minimal data is shared as is necessary.
Access to personal confidential data should be on a strict “need-to-know” basis:
Only people who need to be aware of the data should have access to it, and they should only have access to the data items that are applicable to them. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.
Everyone with access to confidential data should be aware of their responsibilities:
All staff should be trained to ensure that those handling personal confidential data are fully aware of their responsibilities and obligations to adhere to the policies and respect patient confidentiality.
Comply with the law:
Every use of personal confidential data must be lawful. Someone in each organisation should be nominated to ensure that the organisation complies with legal requirements.