Compliance with the Data Protection Acts in a psychiatric department: a complete audit cycle

Published online by Cambridge University Press: 22 May 2014

A. Hassab Errasoul*
Affiliation:
Coolock Community Mental Health Service, Coolock Health Center, Coolock, Dublin, Ireland
M. Cannon
Affiliation:
Department of Psychiatry, Education and Research Centre, Royal College of Surgeons in Ireland, Dublin, Ireland
D. Cotter
Affiliation:
Department of Psychiatry, Education and Research Centre, Royal College of Surgeons in Ireland, Dublin, Ireland
*Address for correspondence: A. Hassab Errasoul, Galway/Roscommon Mental Health Services, Day Hospital, Ballinasloe, Co. Galway. (Email: ahmedhassabu@yahoo.com)

Abstract

Aim

1) To assess compliance with the Data Protection Acts (DPA) by a Department of Psychiatry in a general hospital, 2) to implement measures that are likely to maximize compliance with the hospital data protection policy, 3) to close the audit cycle by assessing the impact of such measures on departmental compliance with the DPA over a five-month period.

Method

An individual, anonymised staff questionnaire on data collection practices, the procedure for disclosure of data to third parties and previous training on the DPA was used to collect information from the department staff. The premises were inspected at different times over a one-week period using a structured checklist. Default points were recorded during each inspection. Post-audit interventions included a mixture of educational interventions and practical solutions. A re-audit took place five months later using the same method.

Results

The baseline audit demonstrated a significant lack of compliance with the DPA among staff members and a lack of staff training on the DPA. Following the interventions, staff awareness of the requirements of the act rose, which in turn led to better adherence to recommended practices in data handling and to a significant drop in mean default points. Management of manual files appears to constitute the biggest problem in this audit. Daytime breaks were found to pose a higher risk to stored data compared with before and after working hours.

Conclusions

A combination of educational and practical interventions including training of staff on the DPA results in overall improvement in compliance and reduction in default points. However, management of manual (physical) data proves to be more difficult and hence will need more input.

Type
Original Research
Copyright
© College of Psychiatrists of Ireland 2014 
