Data handling, record keeping and disposal

Data handling, record keeping and disposal

Data handling is the process of ensuring that data is stored, archived and disposed appropriately.

The Data Security and Protection Toolkit (‘Toolkit’) includes questions related to data security handling, record keeping and disposal.

Data handling

PSNC’s data security guidance sets out how data can be handled within and outside of the pharmacy.

Record keeping

In some cases clinical digital data that helps care of the patient may be kept for the lifetime of the patient plus additional time (at minimum). NHSX set out some recommended minimum retention periods within their Records Management Code of Practice for Health and Social Care. The Specialist Pharmacy Service (SPS, sps.nhs.uk) also recommend minimum retention periods for many types of pharmacy data.

Disposal of data and related contracts

If there is no longer a valid reason to keep personal data (and the data is outside of the minimum retention period you have set) there are methods for destruction. There are three common types of items that may require destruction:

  • paperwork;
  • digital data; and
  • electronic hardware (e.g. a computer hard drive).

Most pharmacy contractors have arrangements with third party expert disposal companies. When using such disposal companies, a written contract should be in place and certificates of destruction should be provided for any data taken away.

Top tips for data disposal (external companies)

Work out your criteria for selection of a disposal company:

  • Is it important for your shredding to be done in front of your eyes (on-site) or off-premises? Some waste contractors will provide this option even if you do not need to view each destruction.
  • Is the company recommended by others?
  • Does the company website provide you with reassurance?
  • If the waste contractor will destroy your hard drives or old computers, have they advised the method for how they will do this?

Other tips:

  • Seek Certificates of Destruction (electronic or paper) for any data taken away from the pharmacy.
  • Plan how many waste data collections are needed (e.g. one per month).
  • Cloud data may also be overwritten or deleted, when this is required. Your cloud data provider should have made available policies regarding data integrity and destruction or may have detailed their processes within the contract.

 

Templates

Pharmacy contractors may wish to download, adapt and use:

DSPTK Template 4: Data handling, record keeping and disposal procedures (see DS templates webpage).

DSPTK Template 21: Supplier list of processors including waste disposal companies (see DS templates webpage).

PSNC’s GDPR WB will also assist contractors with matters that relate to data handling.

Further info

If you have queries on this webpage or you require more information please contact it@psnc.org.uk. To share and hear views about digital developments with like-minded pharmacy team members, join the CP Digital email group today.

 

 

Return to the section: Data security and information governance

Return to the section: Data Security and Protection Toolkit

Return to the Pharmacy IT hub or IT a-z index



Latest Contract & IT news

View more Contract & IT news >

Have you completed the DMS DoC?

Pharmacists and pharmacy technicians are reminded that they must complete the Discharge Medicines Service (DMS) Declaration of Competence (DoC) before...