Establishing a practice privacy policy

Does your practice have an up-to-date, accurate, accessible and freely available privacy policy?

Your practice should have a policy that defines how to handle enquiries and complaints.

Quality and content of medical records

Does your practice have processes in place to ensure it holds accurate and up-to-date data at all times, including accurate health summaries and medication lists?

Your practice should develop a policy for everyone to understand and follow regarding how data is accurately collected and safely held.

Patient consent

Does your practice have a procedure for requesting and recording patient consent?

Do your practice staff understand the requirements surrounding this?

Consent might be sought for primary and secondary uses provided they are adequately stipulated. Although inferred consent might be relied on in certain circumstances, express consent (a signature or a documented positive response to a question) should always be sought.

Collecting health information

Does your practice have defined processes to inform patients of when, what and how the practice collects health information?

Does your practice have a process or policy in place to handle requests for anonymity or pseudonymity?

This might include manual procedures, practice policies or the ability of your systems and software to handle the tasks.

Patient access to personal information

Does your practice have procedures for handling patient requests for access to and correction of their information?

These procedures include assessment of requests, refusal procedures and administration fees.