CONFIDENTIALITY POLICY
Secret Looks is committed to providing a confidential service to patients. No information given to Secret Looks will be shared with any other organisation or individual without the patient’s expressed permission.
​
Policy Statement
For the purpose of this policy, confidentiality relates to the sharing of personal, sensitive or identifiable information about individuals or organisations (confidential information), which comes into the possession of the organisation through its work.
Secret Looks holds personal data about its staff, users, members etc which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the organisation without prior permission.
All personal data will be dealt with sensitively and in the strictest confidence internally and externally.
​
Purpose
The purpose of the Confidentiality Policy is to ensure that all staff, members and users understand the organisations requirements in relation to the disclosure of personal data and confidential information.
​
Principles
* All personal paper-based and electronic data must be stored in accordance with the Data Protection Act 1998 and must be secured against unauthorised access, accidental disclosure, loss or destruction.
* All personal paper-based and electronic data must only be accessible to those individuals authorised to have access.
* Secret Looks is committed to effective audit of the use of and quality of its services in order to monitor performance. All audit records shared with third parties, such as to support staff appraisal or monitoring reports for regulators shall be produced in anonymous form, so individuals cannot be recognised.
​
Protecting Confidentiality in Discussions
It is not acceptable for staff to:
* Discuss matters related to the people in their care outside the clinical setting
* Discuss a case with colleagues in public where they may be overheard
* Discuss one patient with another without explicit and written consent.
* Consultations must not be undertaken where privacy and confidentiality cannot be assured.
​
Protecting Confidentiality Using the Telephone
* If telephone conversations to patients or potential patients are conducted in areas where they may be overheard, such as in reception or waiting areas, staff will not verbalise any identifiable confidential information, such as names, addresses or telephone numbers.
* Answer phone messages must not be played back aloud, where they can be overheard
* Messages, if confidentiality may be breached, must not be left on answer phones without the express permission of the patient.
Protecting confidentiality Using Computers
* Computer screens should not be visible to members of the public
* Access to data held on a computer must be password protected with access restricted to personnel with permissions
* Confidential patient information should not be shared by email without encryption.
​
Records
All records are kept in locked filing cabinets. All information relating to service users will be left in locked drawers. This includes notebooks, copies of correspondence and any other sources of information.
​
Breaches of Confidentiality
Secret Looks recognises that occasions may arise where individual workers feel they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. police or social services on a need to know basis.
​
Legislative Framework
Secret Looks will monitor this policy to ensure it meets statutory and legal requirements including the Data Protection Act. Training on the policy will include these aspects.
​
Ensuring the Effectiveness of the Policy
All staff members will receive a copy of the confidentiality policy, and associated guidance notes. Existing and new workers will be introduced to the confidentiality policy via induction and training. The policy will be reviewed annually and amendments will be proposed and agreed by the Company Directors.
​
Non-Adherence
Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.
​