Learning from Information Governance incidents


You’re busy, typing away, sending a number of emails and answering the phone at the same time, and before you know it… you’ve sent some personal data to a staff member who didn’t need to see it.
It can happen so easily and it’s one of most common Information Governance incidents reported on DATIX.
These tips can help prevent inappropriate sharing.

Sending by email
Although it is better to scan personal information and send by email rather than through the internal post, it should only be sent securely and to the correct recipient.
Double-check your email before you send them, or add a time-delay so you have an opportunity to review emails before sending.

Inappropriate access
You should not access Patient care record incidents and other systems inappropriately when there is no work requirement to view that data (e.g. looking up 999 calls on the CAD that you do not need to see, viewing someone’s information on OHIO or GRS).

Sharing information outside of work
You must not share or discuss confidential information outside of work: either in social settings or on Facebook and other social media.

Patient Care Records
Clinicians - please use ePCR wherever possible. If you have to use paper PCRs, please ensure you store them safely in the shift envelope in the vehicle and do not take the envelope out of the vehicle to attend other calls.

If you are unsure of the correct process, please read the Patient Care Record Policy or contact your manager.

Remember, this is not just good working practice, it’s the law! Not keeping people’s personal data securely can be a breach of the Data Protection Act 2018 and Computer Misuse Act 1990 and could result in a fine or even imprisonment.

For the Trust to learn from incidents, they must be reported so an investigation can take place.
You can report incidents:
Online: by filling in a Datix form, accessed through the East24 homepage.
Over the phone: through Single Point of Contact (SPOC) on 0345 602 6856
At the scene: via the electronic Patient Care Record (ePCR).

If you haven’t completed it this year, please remember to complete your mandatory Information Governance update on Learnzone, or if your update is due in the new year, watch this space for more information about the new online module!


Published 29th November 2018

Please ensure if you are posting a comment, you must include your name in full (first and surname). Thank you.

Leave a Comment
Name (required)
Email Address (required, never displayed)
Enter a message

(all comments are moderated - your submission will be posted on approval.)