LEARNING OUTCOME 1
UNDERSTAND REQUIREMENTS FOR HANDLING INFORMATION IN HEALTH AND SOCIAL CARE SETTINGS
The following are current legislation and codes of practice that relate to handling information in health and social care. They also summarise the main points of legal requirements for handling information.
• THE DATA PROTECTION ACT 1998 – The Data Protection Act 1998 is a piece of legislation which defines the law on processing data of people living within the United Kingdom. The Data Protection Act 1998 is set out in eight principles:
1. Personal data must be processed fairly and lawfully.
2. Personal data must only be obtained for the specific purpose and purpose given.
3. All personal data is adequate, relevant and not excessive in relation to the purpose/purposes for which they are processed.
4. All personal data must be accurate and kept up to date.
5. All personal data must not be kept for any longer than is necessary.
6. All personal data is processed in accordance with the subject’s rights. They have the rights to have data about themselves removed.
7. All personal data must be kept secure at all times.
8. Any personal data must not be transferred to any countries or territories outside of the European Economic Area (EEA) without adequate protection.
• THE FREEDOM OF INFORMATION ACT 2000 – The Freedom of Information act 2000 creates the ‘right of access’ to the public of general information help by public authorities, local authorities and the National Health Service. Personal data cannot be accessed as this is protected by the Data Protection Act 1998. The full provisions for The Freedom of Information Act 2000 came into force in January 2005.
• NURSING AND MIDWIFERY COUNCIL (NMC) – THE STANDARDS OF CONDUCT, PERFORMANCE AND ETHICS FOR NURSES AND MIDWIVES – THE CODE – The code of practice for the NMC is a set of guidelines for professional