Need to know
For #TeamEEAST Last updated: 18 May 2024 at 08:42
As a busy NHS organisation, we are heavy users of acronyms and abbreviations within our daily working activities. The “NHS” itself being an acronym. This often extends to the use of individuals’ initials within correspondence/documentation, typically with the intention of saving time, or ensuring confidentiality. Are we processing this information in a fair and transparent manner though?
What does the law say?
UK data protection law sets out seven key principles that should form the basis of processing (storing, sharing, viewing, deleting etc) personal data. One of the principles requires organisations to process data in a fair, lawful and transparent manner. By doing so, they also ensure that they are complying with data subject rights.
The Trust is continually striving to embed a Data Protection by Design and Default culture, and this means making sure that we are open and clear about the personal data we process.
If it is found that abbreviations/acronyms are used with the intent to hide a conversation/information about a person, then this is a breach a data protection law. Potential consequences can include monetary fines, along with public naming via the Information Commissioner’s Office website.
Section 173 of the Data Protection Act relates to the alteration of personal data to prevent disclosure to a data subject (the person the data is about). It states that it is an offence to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would be entitled to receive.
How do I comply?
To ensure compliance with these legal requirements, please include the full names of individuals, at least once, within documents/correspondence where initials/abbreviations are also being used. For example, “Joe Bloggs (JB) has called today. JB said that…”
For further guidance on handling personal data in a lawful manner, please complete the Trust’s annual mandatory Data Security Awareness training module via Evolve. You can also contact the Information Governance team at informationgovernance@eastamb.nhs.uk.
Published 17th January 2023