Department of Health |
|
NHS MEL (1997)45 |
|
Dear Colleague GUIDANCE ON THE USE OF FACSIMILE TRANSMISSIONS FOR THE TRANSFER OF PERSONAL HEALTH INFORMATION WITHIN THE NHS IN SCOTLAND
3. This letter should be copied to Unit General Managers, Health Board Directors of Public Health and Medical Directors of NHS Trusts who should bring this guidance to the attention of all relevant clinical staff. Health Boards should make the necessary arrangements to inform GPs about the contents of this circular.
4. Health Boards and NHS Trusts should establish connection to NHSnet for transmission of confidential personal health information. In the meantime faxes are being used to transmit information, including confidential personal health information, between various parts of the NHS in Scotland. It is important therefore that suitable safeguards are in place to maintain patient confidentiality and to ensure that access to personal health information is limited to those who need to see it. The attached guidelines offer good practice in the secure use of faxes. Yours sincerely
PAUL WILSON |
5 August 1997 Addressees For action: General Manager,
State Chief Executives NHS Trusts For information: General Manager, Common Services Agency Executive Director, SCPMDE General Managers, Health ______________________________ Enquiries to: Mr C B Knox |
GUIDANCE ON THE USE OF FACSIMILE TRANSMISSIONS FOR THE TRANSFER OF PERSONAL HEALTH INFORMATION WITHIN THE NHS IN SCOTLAND 1 . No named data should be sent by fax. If it is essential, clinical information can be sent with a suitable identifier (eg the CHI number) and the name and address and identifier conveyed by post or telephone. Where the transmission of named data is established practice and where discontinuation of this practice would cause disruption to patient services it is essential that best practice as described below is followed and a confidentiality notice as described in para 9 used. In these circumstances Health Boards and Trusts should plan to switch such data exchange to the NHS Net which is being established as a secure, private network at the earliest opportunity. You should refer to NHS MEL(1996)80 for information about NHS Net and how to connect to it. 2. It is imperative that fax machines which are used for the transmission or receipt of confidential information are placed in a secure location. The machines should be operated only by authorised users and these users should fully understand their responsibilities for maintaining confidentiality. 3 . The room housing the fax machine must be locked whenever unattended. If the office is in general use, consideration must be given to ensuring that unauthorised individuals are unable to read, accidentally or otherwise, faxes which are arriving or have recently arrived. 4. Where the fax machine used
for confidential information is located in a safe area (eg a "safe 5. A particular problem relates
to faxes arriving outside normal hours which could be seen by 6. One of the most important risks with fax machines is mis-dialling, although most models display the number dialled. This can lead to faxes not arriving at all or arriving in an unintended location. In the latter case, there can be serious implications if non-coded confidential information is on the fax. Consideration should be given to the use of encryption between two safe havens, in appropriate cases. Best practice involves always checking the safe haven fax number before dialling; never dial from memory. Valid sources would include a locally compiled safe haven directory of a national directory, but not a general directory; alternatively, a telephone call to the safe haven should be used. 7. It is good practice to always precede the fax transmission by a telephone call to the recipient to confirm the fax number, to ensure that someone will be on hand at the machine to receive the fax and to seek confirmation from the intended recipient that the fax has been received. 8. It is good practice to identify frequently used numbers and program these into a fax machine's "memory dial" facility; equally, computer dialling facilities may be used where available. However, numbers must be tested in conjunction with a telephone call before using them for confidential information. Furthermore, the use of "memory dial" codes should be limited to safe haven numbers, this will prevent code mis-dialling having serious consequences. 9. If, in extreme circumstances where the above guidelines cannot be followed completely, non-totally anonymised patient information requires to be faxed, the fax should be preceded by a Confidentiality Notice such as:- This facsimile transmission is intended only for the use of the individual or entity to which it is addressed and may contain confidential information belonging to the sender which is protected by the physician-patient privilege. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please notify this office by telephone to arrange for the return of the documents. |