Safe Haven Procedures - WhatDoTheyKnow · Web viewFull instructions on encrypting MS-Office...

Safe Haven Procedures

Date effective from: 01 June 2011

Review date: 01 June 2014

Version number: 1.0

See Document Summary Sheet for full details

Date effective from: 01-June-2011 of 26Document Reference Number: IG-0009Version No: 1.0

Contents

Section Page

DOCUMENT SUMMARY SHEET 4DOCUMENT AMENDMENT SHEET 6

1 INTRODUCTION 7

2 PURPOSE OF DOCUMENT 72.1 Policy statement 72.2 Purpose of document 7

3 DEFINITIONS 73.1 Type of procedural document 73.2 Glossary of definitions 7

4 DUTIES 8

5 SAFE HAVEN PROCEDURES 10

5.1 A Scalable Approach to Confidential Communications 10

5.2 E-mail 10

5.3 Fax 11

5.4 Internal Mail 12

5.5 External Mail – Non-Traceable 1st / 2nd Class Mail & Parcel Post 12

5.6 Traceable Mail Services and Courier Deliveries 13

5.7 Personal Delivery (By Hand) 13

5.8 Portable Digital Media / Document Encryption 13

5.9 The “New Safe Haven” – Secondary Use Protection 14

5.10 Personal Safe Haven Working 15

5.11 Caldicott Principles 16

6 THE DEVELOPMENT OF PROCEDURAL DOCUMENTS 16

6.1 Prioritisation of work 16

6.2 Identification of stakeholders 17

6.3 Equality impact assessment 17

7 DISSEMINATION AND IMPLEMENTATION 177.1 Dissemination

7.2 Training and support for the implementation of the procedural document 17


Section Page

8 MONITORING COMPLIANCE WITH AND THE EFFECTIVENESS OF PROCEDURAL DOCUMENTS 17

8.1 Process for monitoring compliance 17

8.2 Process for monitoring effectiveness 17

8.3 Standards/key performance indicators 18

9 REFERENCES 18

10 ASSOCIATED DOCUMENTATION 18

Appendices

A Equality Impact Assessment form 19

B Plan for dissemination and implementation 22

C LPFT Safe Haven Fax Numbers 23

D Microsoft Office Document Encryption 25


DOCUMENT SUMMARY SHEET

ALL sections of this form must be completed. Those marked with * will be used as search information on Staffnet.

Document title*: Safe Haven Procedures

Document reference number*: IG-0009

Version number: 1.0

Member of the Executive Team Responsible*:

Medical Director

Document author* (Title): Information & Knowledge Manager

Document author* (Name): Carl Starbuck

Members of procedural document development group:(Note: please list titles not names of individuals)

Information & Knowledge ManagerInformation Governance StandingSupport Group

People (please use titles) / committees or groups consulted:

Information Governance StandingSupport Group

Approved by (group/committee): Means Goal 7 Group

Date approved: 18th April 2011

Ratified by: Executive Team

Date ratified: 10th May 2011

Date effective from: 1st June 2011

Review date: 1st June 2014

Frequency of review: 3 years

Responsible for the review: Information & Knowledge Manager

Target audience:(List, by title, the people for whom this procedural document is essential)

All staff and associated personnel


Responsible for dissemination: Information & Knowledge Manager

Copies available from: Staffnet

Where are essential paper copies held (include unit addresses):

N/A


DOCUMENT AMENDMENT SHEET

Please record what changes you have made to the procedural document since the last version.

This is a detailed tracked change document and is designed to show people exactly what has changed. The version number recorded below should correspond to the ratified version number shown on the Document Summary Sheet.

Version Amendment Reason

0.11st draft of new procedural document

Replacing old fax-only policy with a wider Safe Haven procedural document, encompassing all aspects of data movement.

0.2 Correction of MG7 group name.

After approval by MG7, 18/04/2011

1.0 Ratified Ratified by Executive Team, 10/05/2011


1 INTRODUCTION

The ‘Safe Haven’ concept was first introduced to indicate a fax machine operated in such a way to enhance the confidentiality of personal and sensitive information sent to it. Given the proliferation of other information transport mechanisms, the Trust approach to Safe Havens must encompass a wider array of communications media. With the advent of increased access to mobile working solutions and remote access to Trust systems, it is important to focus not solely on systems and technology, but for all of us to act as a ‘Personal Safe Haven’ whenever we handle personal, sensitive and confidential information.

2 PURPOSE OF DOCUMENT

2.1 Policy Statement

This document is a procedure. It relates to the Trust Information Governance Policy and forms part of the Trust approach to Information Governance and Information Security. It formalises guidance previously offered by the IG Department’s ‘Data Transfer Scenarios” document and the outdated fax-oriented Safe Haven Policy.

2.2 Purpose of Document

Trust staff have numerous communications methods at their disposal. Given the Trust’s core business often requires the movement of personal, sensitive and otherwise confidential information, it is imperative that the confidentiality of such information is maintained via the use of secure communications methods and staff whose own behaviour enhances our confidentiality culture and information security.

3 DEFINITIONS

3.1 Type of Procedural Document

This document is a procedure. It outlines the procedural steps required to communicate confidential information securely using a number of methods. It also proceduralises personal behaviour when handling such information.

3.2 Glossary of definitions

Agile Working – A working arrangement where staff no longer operate from a fixed base or office. Staff can operate via remote connection to Trust systems over secure links from mobile / remote locations.

Anonymised Data – Data with all identifiers removed such that data subjects within cannot be identified. This differs to pseudonymised data, which can be


identified using a key. Truly anonymised data cannot be re-identified, even at source.

Confidential Information – Although Personal Information and Sensitive Personal Information are defined by the Data Protection Act (1998), other classes of information should be regarded as confidential and worthy of Safe Haven handling. These include confidential information relating to the Trust’s business interests and activities, personal bank account details of staff and service users and any information which is given ‘in confidence’ or has the quality of confidentiality.

Government Secure Intranet (GSi) – A interconnecting secure communications infrastructure, providing secure and encrypted communications channels across the NHS and wider public sector. The “New National Network (N3) and NHS.net e-mail are part of GSi.

Personal Information – Information which may in itself, or alongside other information available from additional sources, be used to identify an individual. As defined by the Data Protection Act (1998).

Portable Digital Media – Memory sticks, recordable DVD / CD, flash memory cards and other electronic devices capable of holding data.

Pseudonymisation – A privacy-enhancing technology intended to produce an identifier which can only re-identify data subjects when the identifier is compared to the pseudonymisation key. Without the key, the data is anonymised.

Safe Haven – A working method or physical location which assures both sender and recipient that confidential information can be transferred with appropriate control. This will require a combination of a secure transit mechanism, delivery assurance, and access controls.

Sensitive Personal Information – Information relating to race, ethnicity, religion or similar beliefs, sexuality, political affiliation, trade union membership, physical and mental health, and forensic history. As defined by the Data Protection Act (1998).

4 DUTIES

4.1 Chief Executive

The Trust Chief Executive will be responsible for signing off appropriate declarations on behalf of the Trust and will be ultimately accountable for Information Governance issues.

4.2 Senior Information Risk Officer (SIRO)


The Trust must have board-level representation to act as the Senior Information Risk Officer (SIRO). This role is fulfilled by the Finance Director with his agreement. The designated SIRO will act as the board-level owner of information risks and as such will be the point of contact for board level input in this area. Progress against this procedure, particularly any difficulties and the resultant risks must be reported to the SIRO. The SIRO will be adequately trained via appropriate modules of the CfH IG Training Tool as a minimum, and will be supported by the Information and Knowledge Services team in this role.

4.3 Caldicott Guardian

To be the Trust’s ultimate authority on patient confidentiality issues. Will advise on patient data confidentiality matters and provide this expertise to the IG Standing Support Group by attendance at IG Standing Support Group meetings or delegation to a deputy officer. The Caldicott Guardian will be a board-level member of the executive team and will be appropriately trained to ensure that knowledge and expertise remains current. The Caldicott Guardian will be supported by the Information and Knowledge Manager in the role of Deputy Caldicott Guardian.

4.4 Information & Knowledge Manager

Will be the Trust’s first line of Information Governance expertise and as such an active participant in the IG Standing Support Group. Will author this procedure and act as first point of contact for advice on this procedure and the secure movement of confidential information.

4.5 Information Governance Support Officer

The IG Support Officer will assist the Information & Knowledge Manager as required and provide staff with support in relation to this procedure and the secure movement of confidential information.

4.6 Means Goal 7 Standing Group

Will support the IG team & IG Standing Support Group in developing, enacting and ratifying IG oriented procedures and provide a mandate for work in this area. Where necessary they will evaluate Trust progress in the area of information security and provide budgetary support of this procedure.

4.7 Information Governance Standing Support Group

Will support the IG team in developing and enacting this procedure and will provide a forum to debate future developments in this area. They will interpret and advise on appropriate action in the light of any new guidance coming from the Strategic Health Authority, Connecting for Health or the wider NHS. The group will be the appropriate reporting and investigatory body relating to IG


incidents and will have oversight of the Trust IG Toolkit progress and reporting.

4.8 Information Governance Team

Will continue to monitor the evolving Information Governance agenda and make recommendations to revise this procedure subject to need. The IG team will present any new directives in this area to the IG Standing Support Group for consideration and action. The team will be responsible for providing any reporting to Connecting for Health, the Strategic Health Authority, Monitor and any other relevant body. The team will lead operationally on IG toolkit performance.

4.9 Staff & Associated Non-Employed Personnel

Will be personally responsible for making sure they adhere to the procedure at all times. Every member of staff and all personnel working with / for the Trust but not employed by the Trust have a personal responsibility to observe best practice in the storage, handling, communication and processing of all person-identifiable, sensitive and confidential information and remain vigilant of possible and actual breaches in information security and report them through the Trust’s incident reporting procedures. All staff will maintain an awareness of IG communications via all media forms during their working lives within the Trust.

5 SAFE HAVEN PROCEDURES

5.1 A Scalable Approach to Confidential Communications

The Trust accepts that there is a wealth of routine communication, by paper and electronic means, which happens during the normal course of clinical and business operations. Each individual should communicate in a manner which is both appropriate and proportional in security to the content of the material they are sending. We are all responsible for the decisions we make regarding the confidentiality of our data and its storage and transfer. Further guidance should always be sought if you are unsure.

5.2 E-mail

Since March 2011, the Trust has used the NHS.net e-mail service, replacing the previous Microsoft Exchange e-mail system. This service is endorsed for the communication of personal and sensitive information by Connecting for Health, the British Medical Association, the Royal College of Nursing and the Chartered Society of Physiotherapists.

NHS.net e-mail is automatically encrypted in transit, therefore any e-mail sent from one NHS.net mail account to another (e.g. [email protected] to [email protected]) is secure.


mailto:[email protected]


NHS.net e-mail is hosted on the N3 network and as such forms part of the wider public sector Government Secure Intranet (GSi). This means that we can also be assured that e-mail is encrypted when delivered to any of the following e-mail domains:-

Secure email domains in Central Government: *.gsi.gov.uk *.gse.gov.uk *.gsx.gov.uk

The Police National Network/Criminal Justice Services secure email domains: *.police.uk *.pnn.police.uk *.scn.gov.uk *.cjsm.net

Secure email domains in Local Government/Social Services: *.gcsx.gov.uk

E-mail sent to / from NHS.net addresses and e-mail addresses ending in the above will be secure in transit. The Government is expanding GSi coverage and access to other public sector organisations and the list above may increase.

NHS.net mail should not be confused with other NHS e-mail addresses ending with NHS.UK. An example of this is the old Trust e-mail accounts, formatted [email protected] – these addresses are not secure when sending from NHS.net accounts.

When sending outside the GSi network, personal, sensitive and confidential information must be removed from the subject line and body text of the document and sent as an encrypted attachment. See section 5.8 and Appendix D below.

5.3 Fax

A Safe Haven fax machine is one which is operated in such a way to assure us that controls are in place to secure the documents sent to it. These measures are as follows:-

The location is physically secure. Access to the fax machine is such that only those satisfying the ‘need to know’ principle have access to it. This is usually via the fax being sited in a secure office or cupboard.

The location is out of public view. It will not be visible from the public side of a reception area, or window without obscured glass.

If sited in an office which is unmanned out of hours, fax printing is prevented during unmanned periods. This may be achieved by either



removing the paper or putting the fax in ‘memory receive’ or similar offline modem, where supported.

Personal, sensitive and confidential information should only be sent to a fax machine where the sender is confident that safeguards are in place to ensure its security.

Fax header sheets should be used which identify a named sender and recipient and have ‘Private and Confidential’ marking.

Speed dials should be used with caution. Although correctly programmed speed dials may enhance the likelihood that faxes are delivered to the correct recipient, an incorrectly selected speed dial will result in the fax being delivered to an incorrect fax endpoint. When dialling manually or via speed dial, the onus is on the sender to verify the fax number. Speed dials should be used with caution and checked regularly.

When sending to a non- Safe Haven fax, it may be used temporarily as a Safe Haven if the sender can be assured that the intended recipient stands by the fax to receive it and remove it immediately.

Fax transmission is now somewhat outdated technology. Encrypted e-mail correspondence is more secure and cost efficient than fax. Where possible, fax transmission should be replaced with secure e-mail.

A list of known Trust Safe Haven fax numbers is included in Appendix C. Staff wishing to either remove a fax number or have their fax assessed for suitability and inclusion should contact the Information & Knowledge Manager.

5.4 Internal Mail

Internal mail containing personal, sensitive or confidential information must be sent in a securely sealed envelope or container, marked ‘Private and Confidential’. End-to-end delivery assurance can be achieved by the sender logging the outgoing data and confirming safe delivery with the recipient by phone or e-mail. Personal, sensitive or confidential information should be sent to a named recipient who is aware of and expecting the transfer whenever practicable.

All mail should be received and opened on the ‘staff side’ of any site which has service user / non-staff access.

5.5 External Mail – Non-Traceable 1st / 2nd Class Mail & Parcel Post

External mail containing personal, sensitive or confidential information must be sent in a securely sealed envelope or container, marked ‘Private and Confidential’. End-to-end delivery assurance can be achieved by the sender logging the outgoing data and confirming safe delivery with the recipient by phone or e-mail. Personal, sensitive or confidential information should be sent


to a named recipient who is aware of and expecting the transfer whenever practicable.

All mail should be received and opened on the ‘staff side’ of any site which has service user / non-staff access.

It should be noted that point 5.1 is relevant to both internal and external mail transfers. Expectations of security should be scaled to the application. For example, we would not expect every letter sent to a service user, GP or other endpoint which contains correspondence about a single service user to be secured beyond the use of ordinary 1st / 2nd class mail. To do so would exceed the expectations of the process and the recipient. However should we be moving volumes of information (e.g. ‘bulk’ data transfers relating to several subjects), or when sending highly sensitive data, we would consider enhancing the security using traceable methods. See section 5.6 below.

5.6 Traceable Mail Services and Courier Deliveries

Personal, sensitive or confidential information may be sent by commercial courier method to enhance security. This includes Royal Mail ‘Special Delivery’ and similar courier services. End-to-end delivery assurance can be achieved by the sender logging the outgoing data and confirming safe delivery with the recipient by phone or e-mail. Personal, sensitive or confidential information should be sent to a named recipient who is aware of and expecting the transfer whenever practicable.

To be fit for purpose, the delivery service should allow for full tracking / tracing along the delivery route to delivery endpoint. The Royal Mail “Signed For” service is NOT traceable along the delivery route.

5.7 Personal Delivery (By Hand)

Staff may elect to deliver personal, sensitive or confidential information by hand. Whilst this may give the person delivering the information assurance that the delivery has taken place, it should be noted that this may result in a lack of audit trail for the transfer. By hand deliveries should therefore be used where formal proof of delivery is either not necessary or achieved by an agreed method, e.g. signature on delivery.

5.8 Portable Digital Media / Document Encryption

Since the HMRC Child Benefit data loss in October 2007, the security of personal, sensitive or confidential information moved on portable digital media has received heightened scrutiny. Any personal, sensitive or confidential information moved on portable digital media must:-

Be encrypted to an appropriate standard and / or Protected in transit using a secure, traceable delivery mechanism


Ideally, both of the above measures should be employed.

The ‘aspirational’ encryption standard set by Connecting for Health is AES 256 bit, however it is notable that NHS.net mail itself only achieves 128 bit encryption when used via Windows XP and Internet Explorer. We therefore sanction the use of the readily available encryption tools built into MS-Office to provide document-level encryption of an acceptable standard. Full instructions on encrypting MS-Office (Word / Excel) files is included in Appendix D.

For larger information packages or non- Word / Excel files, contact the Information & Knowledge Manager for further advice on how to safely send your content.

The Trust has procured a supply of hardware encrypted USB memory sticks. These sticks operate AES 256 bit encryption and are authorised for the transport of personal, sensitive or confidential information.

5.9 The “New Safe Haven” – Secondary Use Protection

The Trust has developed the ‘New Safe Haven’ concept as part of the Pseudonymisation Implementation Project. It is a privacy-enhancing working arrangement designed to increase security of patient-identifiable data when used for secondary purposes.

Pseudonymisation is a process by which an identifier is created using an electronic algorithm that can only be interpreted by having access to the pseudonymised key. The ‘New Safe Haven’ has the following characteristics:-

Data will be pseudonymised before being accessed or transferred for secondary purposes

Staff working within the ‘New Safe Haven’ will be able to decipher and thus identify the subjects of pseudonymised data.

Patient identifiable (i.e. non-pseudonymised) data can be exchanged between the ‘New Safe Havens’ of partner organisations.

The ‘New Safe Haven’ will be a virtual working group, with members identified and permitted by role.

Pseudonymisation can only function when sender and recipient are prepared to work with pseudonymised identifiers. Although our Trust has a fully implemented pseudonymisation solution, we may work with strategic partners who have not implemented it. In those cases, we must communicate patient level data using other methods outlined above so we maintain the security of information and honour our obligations under the seventh principle of the Data Protection Act (1998).


In the absence of ‘New Safe Haven’ arrangements at a partner organisation, a combination of both document-level encryption and secure GSi e-mail is considered appropriate protection.

5.10 Personal Safe Haven Working

The most important aspect of information security is the ‘Human Element’. It is not sufficient to simply consider systems, devices and working practices as the entire scope of the Safe Haven concept, particularly with the advent of mobile / remote access and agile working arrangements.

All staff must adopt working practices so that they can be considered a ‘Personal Safe Haven’ – essentially a safe pair of hands for personal, sensitive or confidential information.

Basic and common sense steps will help us all to meet this important obligation:-

Maintain an awareness of your surroundings and the threats to information security in your immediate vicinity.

Ensure PCs are locked or switched off when not in use. Make sure that PC screens are not inappropriately viewed by 3 rd

parties, particularly when working remotely. Ensure information is not visible or accessible to inappropriate people. Clear desks and other workspaces of information when leaving a

workstation. Ensure that information transferred between locations arrives intact,

without total or partial loss en-route. Store information in the boot of a car when in transit. Remove personal, sensitive or confidential information from any vehicle

on arrival at your work base, home, or final location. Only take & use personal, sensitive or confidential information when

working from home with the authorisation of your line manager. When working from home, ensure that information is used and stored

securely and protected from access by family members or other visitors to your home at all times.

Check the fax number before sending information via fax, particularly when using preset or speed-dial numbers.

Ensure that e-mail addresses are correct before sending information via any e-mail method, particularly when addresses are auto-completed by your e-mail software.

Know and apply the key Caldicott Principles to any information you are intending to send.

Facilitate mobile / remote / agile working via secure method (NHS.net e-mail, encrypted memory stick, encrypted laptop etc). NEVER do this by e-mailing personal, sensitive or confidential information to a private / personal e-mail account or by storage on a non-Trust PC or laptop.

5.11 Caldicott Principles


The Caldicott Principles are 6 key principles which govern the use of patient data and offer best practice advice.

Justify the purpose(s) of using patient-identifiable information. Only use patient-identifiable information when absolutely necessary. Use the minimum that is required. Access should be on a strict need-to-know basis. Everyone must understand his or her responsibilities. Understand and comply with the law.

All 6 principles have relevance to Safe Haven working, with the first 4 being particularly on point:

Justify the purpose – we must all be certain that what we are doing is necessary. We should not simply continue transfers of patient data ‘by wrote’.

Only use patient data when absolutely necessary – if the purpose can be achieved using fully anonymised data, do not use identifiers at all.

Use the minimum that is required – Establish the least amount of patient-identifiable data which supports the purpose and use this level of data, no more.

Access on a ‘need to know’ basis – Access to patient data should not exceed those whose roles require it. As an extension of this, patient information should not be sent to those that do not require it.

6 THE DEVELOPMENT OF PROCEDURAL DOCUMENTS

6.1 Prioritisation of Work

This document is necessary to give staff practical procedural guidance on the safe movement of personal, sensitive and confidential information. It is designed to supplement information governance training and IG communications with practical advice and working methods. It replaces an outdated fax-only policy and incorporates other guidance on data transfers issued by the IG team in a correctly formatted procedural document. It forms part of the overall approach to Information Governance and Information Security and aids our compliance with the CfH IG Toolkit and our statutory obligations under the Data Protection Act (1998). Compliance with this procedure will safeguard the confidentiality of patients, staff and the Trust’s business operations and reduce organisational risk by helping to mitigate the frequency and severity of confidentiality breaches. Although a 3 year review period is indicated, the author will re-draft this procedure in the light of significant changes to statute law, the IG Toolkit, or Trust systemic / operational changes.


6.2 Identification of Stakeholders

The table below should be used as a summary.

Stakeholder Level of involvement

All staff, trustwide 100%All attached personnel 100%

6.3 Equality Impact Assessment

The Equality Impact Assessment Form is included as Appendix A.

7 DISSEMINATION AND IMPLEMENTATION

7.1 Dissemination

The Dissemination Plan is complete and included as Appendix B.

7.2 Training and support for the implementation of the Procedural Document

Section 5 of this procedure gives staff procedural advice on the secure communication of personal, sensitive and confidential information. It is designed to supplement formal Information Governance training and act as a procedural reference guide. No additional training needs should arise, however the IG Team are available for guidance on the subject matter when required.

8 MONITORING COMPLIANCE WITH, AND THE EFFECTIVENESS OF THE PROCEDURAL DOCUMENT

8.1 Process for Monitoring Compliance

Compliance will be monitored as follows:-

By assessment of IG-related Incident Reports. Reviewed monthly by the IG Standing Support Group

By monitoring of performance against the CfH IG Toolkit. Progress reviewed monthly within the reporting year from publication (end June) to final submission (end March).

8.2 Process for Monitoring Effectiveness

If the procedure has been effective, it will be evidenced by a reduction in the severity and frequency of IG-related breaches caused by unsecure communications and related data handling practices. Observance of the


procedures laid out in section 5 will reduce the potential for breaches relating to the movement of personal, sensitive and confidential information.

8.3 Standards/Key Performance Indicators

Compliance with CfH IG Toolkit, with attainment of a minimum of level 2 performance on all standards when reported at 31st March each year.

Maintaining a record of ZERO data loss / data beach SUIs, as defined by the David Nicholson reporting requirements.

9 REFERENCES

NHS.net e-mail endorsements Government Connect - What is GCSx / GSi? Data Protection Act (1998) The Caldicott Principles

10 ASSOCIATED DOCUMENTATION

IG-0001 – Information Governance Policy IG-0003 - Code of Conduct for Employees in Respect of Confidentiality IT-0003 – Email Use Policy


http://staffnet/Topics/Policies%20and%20Procedures/Document%20Library/Information%20Technology/IT-0003.doc

http://staffnet/Topics/Policies%20and%20Procedures/Document%20Library/Information%20Governance/IG-0003.doc

http://staffnet/Topics/Policies%20and%20Procedures/Document%20Library/Information%20Governance/IG-0001.doc

http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/caldicott/caldresources

http://www.legislation.gov.uk/ukpga/1998/29/contents

http://www.govconnect.gov.uk/what-is-gcsx.php

https://web.nhs.net/CookieAuth.dll?GetPic?formdir=5&image=Endorsements.htm

Appendix A – Equality Impact Assessment Form

Equality Impact AssessmentInitial Impact Screening Form

1 Name of procedural document/function/service development being assessed?

Safe Haven Procedures

2 Describe the main aims, objectives and intended outcomes of the procedural document/function/service development?

Aim: To advise staff on secure communications methods and personal behaviours in respect of confidential information.

Objective: To ensure that confidential information is moved securely and handled confidentially, according to Trust policy and procedure.

Intended Outcomes: That breaches relating to confidential information are reduced in both frequency and severity, and that such breaches do not occur as a result of insecure communications or bad personal practices.

3 Who is affected by this policy?

Staff Service Users □

Other Stakeholders □ (please specify)……………………………


4 Are there differences in outcomes for different groups? Yes □ No Which equality groups may be disadvantaged/experience negative impact?

Race Yes □ No

Disability Yes □ No

Gender Yes □ No

Age Yes □ No

Sexual Orientation Yes □ No

Religion/Belief Yes □ No

Mental ill health Yes □ No

Other (e.g., refugees, gypsies and travellers)……............... Yes □ No

Equality Impact AssessmentInitial Impact Screening Form (cont...)

5 Is there an adverse impact? Can you please rate on a scale of 1-5. (none = 0, low = 1-2, medium = 3-4, high = 5)

Rating = 0

How have you arrived at the above rating?

The procedures are equally applicable to all, and discriminatory to none.

What evidence do you have and how has this been collected? (personal knowledge, feedback, research, etc)

Personal knowledge of the author.


6 Relevance to General Duties – is the procedural document or practice directly or indirectly discriminatory? Is there any differential and/or adverse impact contrary to key service objectives and/or Respect – Our Single Equality Scheme and our Respect Strategy? Can you please rate on a scale of 1-5. (none = 0, low = 1-2, medium = 3-4, high = 5)

Rating = 0

How have you arrive at the above rating?

The procedures are equally applicable to all, and discriminatory to none.

7 Overall Rating - please add the two ratings and divide by two to give the over all rating.

Rating = 0

Please note that all policies where an adverse impact has been identified (even low) will need to have a full impact assessment.

8 Have you explained your procedural document/function/service development to people who might be affected by it?

Yes □ No □ N/A

If yes, please give details of those involved


Appendix B – Plan for Dissemination and implementation of Procedural Documents

SECTION 1 – DETAILS OF DOCUMENT TO BE DISSEMINATED

Title of Document Safe Haven Procedures

Date Ratified 10th May 2011

Dissemination lead name Carl Starbuck Contact details [email protected]

0113 30 55916

SECTION 2 – DETAILS OF PREVIOUS DOCUMENT TO BE RETRIEVED

Previous document already in use (Y/N) Y Version No & Date April 2008

Name of document if different from Section 1

Policy for the Secure Transmission of Manual Faxes – Safe Haven Policy

In what format (paper/electronic) Electronic Where is this filed

locally Staffnet

Proposed action to retrieve out-of date copies of the document

Removal from Staffnet, Trustwide e-mail regarding replacement

SECTION 3 – DETAILS OF DISSEMINATION

Date put on Staffnet 2nd June 2011

Who is the document to be disseminated to All staff, Trustwide

Disseminated to (either directly or via

meetings, etc)

Format (electronic/

paper)Date

disseminatedNo of

copies sent

Contact details/comments

All Staff Electronic 2nd June 2011 1 Link to Staffnet in trustwide comms.



Appendix C – LPFT Safe Haven Fax Numbers

The following numbers have been assessed as meeting Safe Haven Fax requirements. Should you wish your fax to be considered for inclusion, please contact the Information & Knowledge Manager who will carry out an assessment.

Please report any fax machines which have been either decommissioned or should no longer be regarded as a Safe Haven.

FAX NO LOCATION PURPOSE

0113 30 55991 Trust HQ Complaints/Claims Manager

0113 30 55983 Trust HQ Medical Director

0113 30 55985 Trust HQ Nursing & Clinical Governance/Caldicott Guardian

0113 29 52770 Addiction Services Addiction information

0113 30 56310 Newsam Centre Medical Records

0113 30 56601 Becklin Centre Medical Records

0113 30 55504 Mount Medical Records

0113 29 52481 St Mary’s House (North Wing) Risk Management

0113 30 55013 St Mary’s Hospital, Admin Block(located in Secretary’s office) Learning Disability - Psychology

0113 30 55055 Cashiers Office (only accessible by cashier) Cashier

0113 30 57071 Asket House Asket House

0113 29 53106 S Leeds ACDS, Concourse House S Leeds ACDS


FAX NO LOCATION PURPOSE

0113 2706751 Bridge House, CMHT 9 and 10 CMHT 9 and 10

0113 2875469 Brooke House, CMHT 8 CMHT 8

0113 29 52492 St Mary’s House, Psychology Psychology

0113 30 56775 Becklin Centre, General Office Becklin Site

0113 30 56647 Becklin Ward 1 Becklin Ward 1

0113 30 56707 Becklin Ward 5 Becklin Ward 5

0113 30 56781 Becklin Centre Pharmacy Pharmacy

0113 30 55533 The Mount Pharmacy Pharmacy

0113 30 55097 St Mary’s Hospital Pharmacy Pharmacy

0113 30 56322 Newsam Centre Pharmacy Pharmacy

0113 30 56483 Newsam Centre Outpatient Suite First Floor Leeds & West Yorkshire CFS/ME ServiceGender Identity Service

0113 29 52309 St Mary’s House, Main House CMHT Sector 5

0113 29 54151 Peel Court, Administrators Office Adult Rehabilitation & Recovery


Appendix D – Microsoft Office Document Encryption

Microsoft Office supports the encryption of documents to AES 128 bit standards. This is acceptable for the encryption of personal, sensitive and confidential information.

It should be used whenever personal, sensitive or confidential information is sent over otherwise unsecured e-mail systems (e.g. when sent outside of the NHS.net or wider GSi e-mail service).

It may be used to enhance security of highly sensitive or confidential information when sent over secure e-mail systems.

The Trust permits unencrypted e-mail communications with service users, carers and family members on completion of an informed consent process. See the Trust E-mail Policy.

We can encrypt MS-Office files to give the necessary protection using the following method.

MS-Office (2007) Encryption

1. Type up your MS-Word or MS-Excel file as normal2. Left-click the “Office Button” in the top left corner the screen3. Left-click the “Prepare” option in the menu4. Left-click “Encrypt Document”5. Type in your chosen password6. Re-type your chosen password for confirmation7. Save your file8. The recipient will need the password to unencrypt the file

Encryption is also supported in earlier versions of MS-Office.

Passwords should be communicated separately to the document itself.

If e-mailing encrypted files, ask the recipient to e-mail you back for the password. Put this request in the body text of your covering e-mail.

If posting encrypted files on portable media, ask the recipient to e-mail you for the password.

This step adds to security by assuring you that the file is in the hands of the right recipient.

DO NOT send the password with the encrypted file!


Although we have tested these methods with NHS.net mail accounts and found that MS-Office encrypted attachments can be both sent and received by our e-mail service, there is no guarantee that these methods will work with your intended recipients.

Ant-virus measures may see the encrypted attachment as a potential threat and screen it out. Users are advised to test this method with a non-essential file to ensure it is workable.


Safe Haven Procedures - WhatDoTheyKnow · Web viewFull instructions on encrypting MS-Office...

Documents

Transcript of Safe Haven Procedures - WhatDoTheyKnow · Web viewFull instructions on encrypting MS-Office...