PLE Staff and Clinicians Responsibilities
All employees and associates of PLE Health (PLE) are accountable for compliance with this Policy. When using information, any accidental breach of this Policy must be reported to the Information Security Officer as soon you become aware of it. Transmission of information must be via a secure electronic method.
As part of our information security requirements you must ensure that:
Associates who use laptops and/or hand-held mobile devices are responsible for ensuring the integrity of the data they process. Data must be backed up on a regular basis to ensure data integrity and availability and sufficient controls need be taken to ensure that the equipment is secured and not left unattended.
The minimum acceptable level of security for connection to a WiFi network is WPA or WPA2 (Wired Equivalent Protection/WEP is not an acceptable standard). Laptops and other mobile devices must not in any circumstances be connected to an unsecure WiFi network (whether via a public wireless access point, wireless ‘hotspot’ or otherwise).
Employees and associates using any device are required to ensure that anti-virus and malware protection controls are installed and regularly updated on the local machine.
Under no circumstances should the operation of any anti-malware software or firewall be disabled and it is vital that any laptop or handheld mobile device has appropriate security measures.
Any suspected breach of security by accident or deliberate intrusive action by another (such as hacking) is immediately reported to the Information Security Officer, who in some circumstances will have an obligation to notify the breach to ICO.
On a call, employees and associates must ask appropriate Data Protection questions before passing on any information.
Not later than 6 months (or agreed timescales) following the completion of the request, all information linked to PLE Clients that is no longer required to complete the service to PLE must be permanently deleted from any laptop or handheld mobile device on which it is stored and any physical copy must be destroyed. Physical paper copies must be destroyed by confidential shredding.
All employees and associates should use a secure email provider. Unsecure webmail providers such as Hotmail Yahoo, Outlook.com etc. are not appropriate vehicles for the transfer of sensitive information unless sent via an encrypted system such as ESET. Attachments sent by email must be password-protected with the password must be sent by separate email or via PLE’s online portal.
Medical reports/records should only be sent by post if no other option. If posted they must be sent by trackable post and a copy should be retained. This copy should then be securely destroyed within our agreed timescales (not usually more than 6 months)