COVID-19 Information Governance Advice

Information governance is all about how to manage and share information appropriately.

The health and social care system is facing significant pressures due to the COVID-19 outbreak. In the current circumstances it could be more harmful not to share health and care information than to share it. The Information Commissioner has provided assurance that she cannot envisage a situation where she would take action against a health and care professional clearly trying to deliver care. You can read the statement from the Information Commissioner’s Office, alongside their Q&A resource. Health and Social Care regulators across the UK have also published a joint statement.

We will need to work in different ways from usual and the focus should be what information you share and who you share it with, though due regard should be given to how you share it. This advice sets out some of the tools you can use to support individual care, share information and communicate with colleagues during this time. 

We have also produced more detailed advice which we have linked below.

Check in the Latest Posts section for more detailed advice.

COVID-19 Guidance on text messages and similar communications with NHSScotland registered individuals.

NOTE – in response to the Covid-19 outbreak NHS Scotland is accelerating the roll out of Mircosoft Office Teams and this guidance will be updated as this roll out progresses.

Mobile Messaging

It is fine to use mobile messaging to communicate with colleagues and patients/service users as needed where it makes good sense.

We will be encouraging the use of Microsoft Office Teams across NHS Scotland, as it becomes available. 

In the interim, commercial, off-the-shelf applications such as WhatsApp and Telegram can be used when there is no practical alternative and when the benefits outweigh the risk.

Please be aware of the guidance we have produced (link available in the Latest Post section of this website) and use these accounts in a way that limits the use of personal/confidential information.

Videoconferencing

We encourage the use of videoconferencing to carry out consultations with patients and service users.

Our main service is Near Me, powered by Attend Anywhere which should always be considered in the first instance.  It is however fine to use other tools such as Skype, WhatsApp, Facetime as well as commercial products designed specifically for this purpose – and of course the telephone.

The consent of the patient or service user is implied by them accepting the invite and entering the consultation, but you should safeguard personal/confidential patient information in the same way you would with any other consultation. Guidance for the use of Near Me technology can be found here.

Homeworking

You may well need to work from home, for example, when self-isolating without symptoms.

If you are working from home and using your own equipment you should check that your internet access is secure (e.g. using your work’s Virtual Private Network (VPN) or Remote Access Service and/or if possible avoid public wi-fi) and that any security features are in use.  You should follow your organisation’s guidance on use of the VPN.

If you are taking any physical documents home with you that contain personal/confidential patient information, you should also ensure the security of these documents at your home and when travelling.

Follow the ICO’s Ten Tips for working securely from home.

Remember the statutory guidance to support the continuation of working from home during the coronavirus pandemic: Coronavirus (COVID-19): working from home – gov.scot (webarchive.org.uk)

Consider confidentiality when holding conversations or using a screen

You may be sharing your home working space with other family members or friends. Try to hold conversations, where they are less likely to overhear you and position your screen where it is less likely to be overseen. For patient confidential conversations, ensure they can take place with the required privacy.

Using Your Own Device

Generally, you can use your own devices to support video conferencing for consultations, mobile messaging and home working where there is no practical alternative.

Reasonable steps to ensure this is safe include: setting a strong password; using secure channels to communicate e.g. tools/apps that use encryption; and not storing personal/confidential patient information on the device unless absolutely necessary and appropriate security is in place.

Information should be safely transferred to the appropriate health and care record as soon as it is practical to do so.

Cyber security awareness

Finally please be aware that cyber criminals are exploiting Coronavirus headlines to spread malware and phishing emails.  Think twice and if in any doubt then do not open any attachments or click on links in emails mentioning Coronavirus or Covid-19.  If you need to open a file or link but you have any concerns then please contact the helpdesk or your security officer for advice.

Your awareness is possibly the last line of defence in preventing our IT systems suffering a cyber breach.

eMail

There is some concern that organisations may face sanctions or disciplinary actions if they  communicate with patients by email, especially during this pandemic but with some care and consideration it is quite acceptable to use email. We have set out some guidance on the use of email which will help you ensure data is being protected.

Current policy is based on a red, amber and green classification. 

More details here.

Further help

Please contact your local information governance and information security team in the first instance.