The HCPC has updated its Confidentiality guidance for registrants to include data protection principles under the General Data Protection Regulation (GDPR). GDPR, supported by the Data Protection Act 2018 (DPA), governs how personal data, including service user records, should be handled.
It sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The HCPC’s Standards of conduct, performance and ethics say that registrants must keep up to date with and follow the law, HCPC guidance and other requirements relevant to their practice.
They also state that registrants must:
- make sure they have consent;
- share relevant information, where appropriate, with colleagues involved in the care, treatment or other services provided to a service user;
- respect confidentiality; and
- keep records of their work, which includes protecting them from loss, damage and inappropriate access.
The Information Commissioner’s Office is the leading authority in the UK for data protection. It has a number of helpful resources on its website, including a guide to the GDPR, health and social care FAQs, and FAQs for small health sector bodies.