Staff Data Security Declaration

This checklist was made based on best practice recommendations from the Information Commissioner’s Office.  It also makes reference to clauses in your Employment contract, Restrictive Covenant Agreement or Service contract with Health in Motion Osteopaths.  Any action which is in breach of data protection is also in breach of your contract with the Practice and could result in disciplinary action.


Employee / Service Provider Agreement

 I have read and agree with the following statements.  Any points that I do not understand I will seek clarification for and additional training within the Practice if necessary.

1.     I will not divulge any sensitive patient information over the phone. Patient’s requesting access to the information we keep about them need to request this in writing.
2.     All third parties must request patient information in writing with valid evidence of the patient’s consent.
3.     The exception to point 1. above are calls from insurance companies. They will need to validate their enquiry by confirming their company’s name, patient’s date of birth and postcode.  I will check the information given corresponds to the patient’s records.  I will make a note, on PracticePal, of the date and time of the call, and the information I have given.
4.     I will operate a clean desk policy with no paperwork or active screens in sight of visitors. I will ensure prompt and accurate input of data and filing of paperwork. Audit forms will never leave the premises.
5.     I will not use patient data for *any purpose other than to execute my role at Health in Motion Osteopaths. *any purpose includes soliciting, socialising, employing services, conducting audits .
6.     I will not store patient data anywhere other than on the PracticePal application. The only exception to this is, contact names and corresponding email addresses are stored in contacts on my yourname.himosteo@gmail account.
7.     If I have authorisation from the practice leader to download or print some patient information for a valid reason, the downloads must be electronically or physically shredded after use.
8.     I have strong passwords on my devices and PracticePal, and these passwords are not stored on the devices or anywhere else. I will always log in and out of computer systems and PracticePal application.
9.     I will change my PracticePal password periodically when asked to.
10.  I will keep paper-based notes anonymised. Once used for their intended purpose, the notes will be shredded.
11.  I will limit my personal use of Health in Motion IT resources and make sure it doesn’t interfere with my job performance. I will never use Health in Motion IT resources to engage in any action which is offensive, threatening, discriminatory, defamatory, slanderous, obscene or illegal.
12.  I will always request approval from the practice leader prior to installing any new software or hardware.
13.  I will immediately report any security breach incidents to the practice leader.
14.  I will never store any customer card payment details.



Sign …………………..


Date  …………………..