Skip to content
Home > Staff and Recruitment > HR Connect > Policies and Staff Governance > Policies > Security and Data Handling

Security and Data Handling

On this page

Fair Warning

NHSGGC has a moral and legal responsibility to protect the confidentiality of the data it holds and patients expect the information we retain about them will be kept secure and confidential. Your job role may give you access to patients’ clinical information and you are reminded of your responsibility to access only the information that is required to allow you to carry out your legitimate duties. This includes never accessing HEPMA records on occasions where either you or somebody you know personally is receiving treatment as an inpatient.

To protect against inappropriate access to records, the Board continues to use an audit system called FairWarning which was put in place to provide assurance that clinical information is kept safe. The system provides the Information Governance Team with daily audit reports from clinical systems which allows them to monitor and investigate any potential inappropriate access to records, including staff accessing their own records and those of family members. If, after investigation, a record is found to be accessed inappropriately, then a formal discussion between the member of staff and manager will take place and depending on the severity of the breach, there could be a number of consequences including refresher training and/or formal disciplinary action. Some good practice tips are:

1.   Never share passwords with other colleagues or managers.

2.   Keep your LearnPro Safe Information Handling Training up to date.

3.   Be familiar with the FairWarning guidelines

Staff are reminded that if they wish to access their own health information, they should submit a subject access request. The Board’s Subject Access Policy provides the relevant information and forms needed and can be found here Subject Access Policy.

If you have any questions on FairWarning or data protection in general, including training, please visit our Information Governance Knowledge Hub, or contact the Information Governance Team:

email: data.protection@ggc.scot.nhs.uk

Staff Privacy Notice

As part of our requirements under Data Protection legislation, we have published a Staff Privacy Notice.  By issuing this privacy notice, we demonstrate our commitment to openness and accountability.

The Privacy Notice lets you know what information the Board collects about you, how it is used, including who we may share it with.

We recognise the need to treat staff’s personal and sensitive data in a fair and lawful manner.  No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

We have produced a summary of the staff privacy notice, together with a more detailed notice.  Both documents can be accessed below.

If you have any questions about this please email us at: Data.protection@ggc.scot.nhs.uk