Data Protection [3]
The Data Protection Act (1988) stipulates that personal data must be processed fairly and lawfully obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose. It is important to bear of this in mind when engaged in research, writing up and accessing patient notes, both electronically and on paper.
Personal data should be relevant, accurate and not excessive. It should not be kept for longer than necessary, and it should be processed and stored securely. It is not to be transferred to a country or territory outside the European Economic Area.
Familiarise yourself with the data governance policies of your allocated health trust, regarding your obligations around encryption, storage and access to sensitive client and patient notes (including images) and research data. Never access such notes unless you are genuinely justified in doing so - every online action leaves a footprint and clients/patients have a right to privacy.
New EU regulations are about to be implemented across Europe (General Data Protection Regulation), which are intended to give Europeans the right to have their online information erased (Right to be forgotten) and provide individuals greater control over what data is collected and where it is kept. International companies with European customers would also have to comply with the strengthened controls or face substantial fines.