Box 89 Commonsense rules on data protection

♦ Never reveal passwords to other people or write them down in any recognizable form

♦ Never send unencrypted confidential personal information over the Internet, in e-mails, on disks or by post in such a way that it can be identified

♦ When sending data, send it, if possible, without the patient's name or other identifying information that is not essential for the recipient

♦ Never disclose confidential information to unknown persons over the telephone

♦ Always destroy, e.g. by shredder, unwanted paper documents giving personal information

♦ Always obtain authorization from the person concerned before divulging personal information to an external source

♦ Always use imaginary data or blank out names when preparing material for discussions of procedures, presentations, or case reports

♦ Always keep cabinets containing confidential data locked

♦ Ensure that only the data needed for the clinical research in hand are stored, and that they are kept for no longer than is necessary

♦ Ensure that confidential data are handled only by trained staff who appreciate data protection requirements and who are appropriately supervised

♦ Ensure the security of data storage and handling through access controls, both physical and logical, and audit trails that enable a comprehensive audit of accesses to the system, including failed access attempts

