IGSOP03 Safeguarding Confidential Information

Page 1

Safeguarding Confidential Information – Printers and Photocopies Procedure

Version: V6

Ratified by: Technology Programme Board

Date ratified: 12/10/2021

Job Title of author: Information Governance Manager

Reviewed by Committee or Expert Group Technology Programme Board

Related procedural documents

IGPOL65 Transferring Personal Information Policy and Procedure

IGPOL70 Confidentiality Code of Conduct Policy for Staff

IGPOL53 Information Security Policy

Review date: October 2024

It is the responsibility of users to ensure that you are using the most up to date document template – ie obtained via the intranet.

In developing/reviewing this procedure Provide Community has had regard to the principles of the NHS Constitution.

Version Control Sheet

Version Date Author Status Comment

V1 Dec 2009 Information Governance Coordinator Ratified EXPIRED

V2 June 2012 Information Governance Coordinator Ratified Reviewed in line with Provide CIC transition

V3 June 2014 Information Governance Manager Ratified Review in line with review date

V4 August 2016 Information Governance Manager Ratified 2 Year Review

V5 August 2018 Information Governance and IT Projects Manager Ratified 2 Year Review. Minor revisions. Removal of faxing in line with organisation policy and removal of physical fax machines across provide estate.

V6 October 2021 Information Governance and IT Projects Manager Ratified 2 year review. Minor revisions

1. Purpose

This standard operating procedure has been produced to reduce the risk of confidential information being disclosed to unauthorised personnel and to reduce the threat of security breaches. Information is an asset which, like other important business assets, has value and consequently needs to be suitably protected.

In addition, compliance to this procedure will help to reduce the amount of paper that is used by the organisation as well as costly toners and inks - particularly from the colour printers. It will also reduce the amount of filing space required. Printouts are often used as a form of backup against losing information from the computer systems, however, it should be recognised that the organisation’s designated Technology team backup all information, on the server, on a daily basis.

2. Scope of Procedure and Objectives

To improve the security and confidentiality of information, wherever possible, staff should adopt this procedure for documents generated by printers and photocopiers. This is to reduce the risk of unauthorised access, loss of, and damage to information during and outside normal working hours or when areas are unattended.

3. Responsibilities

The executive responsibility for ensuring this procedure is implemented rests with the Senior Information Risk Owner.

Each director and service manager is responsible for ensuring that the procedure is adhered to within their area.

This procedure applies to all permanent, temporary or contracted staff employed by the organisation who view, handle or create patient, staff or corporate information. It also applies to agency staff, students and volunteers working in the organisation.

4. Procedure

At regular intervals during the day, and at the end of the working day staff must check all printers and photocopiers for any confidential information regarding patients, staff or corporate activities

If confidential documents are found, the appointed member of staff must follow the process below:

• If it is clear who the owner is, the document should be handed directly to the person. If this is not possible the document must NOT be left on their desk unless placed in a sealed envelope clearly marked ‘Confidential’ and with the member of staff’s name

• If it is not clear who the document belongs to or if the owner cannot be found, then it is to be placed in a designated folder in a locked cabinet or drawer by the appointed member of staff, who can monitor access to the folder

• A communication to be sent to staff stating what kind of document has been found (without giving any confidential information) and asking that the owner claim it

• Any confidential information (whether patient, staff or business sensitive) left unattended should be incident reported via Datix

• If confidential information is not claimed within 5 days then it is to be placed in a confidential waste bin or destroyed by shredding

5.

Device Specific Procedures

Printers

The following guidelines are to be followed throughout the working day:

• Printouts of confidential information must be sent to the nearest printer available and collected immediately unless secure printing is available (see below)

• If you are not sure on the path of the printer or are printing to a device you have not selected before then you must send a test print first before printing any confidential information to ensure that you have selected the correct device

• If documents have not been printed by the expected printer, do not re-print without checking that the printer pathway is correct (check with the Technology Service Desk if unsure)

• If a confidential print job is misdirected to another printer you must inform your line manager and complete a Datix incident form as soon as possible

• Staff should ensure that all pages of their document are accounted for and that no additional papers belonging to other members of staff have been accidentally taken

• Any copies which are incorrectly printed or no longer needed should be disposed of in a confidential waste bin or shredded

Follow Me Printing

• Jobs sent to the Follow Me Printing queue are held on the central server until either released by swiping your smartcard or are automatically deleted after 24 hours have lapsed without being released on a Konica Minolta Multifunction Device (MFD)

• Secure Printing is available at various provide sites where printers are located in vulnerable areas or where particularly confidential information is being printed

• If printing confidential information, it is not permissible to swipe your smartcard and leave your print job unattended

Photocopiers

The following guidelines are to be followed throughout the working day:

• When copying confidential information staff should not leave the photocopier unattended during the copying and should check their copies to make sure they have the correct amount of papers. The original document and all copies should be removed from the photocopier and taken with staff when they leave the area

• Additional copies of confidential documents should be kept to a minimum and only be created for a specific and necessary purpose

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.