This practice is committed to preserving, as far as is practical, the security of data used by our information systems. We will take all reasonable actions to ensure confidentiality, integrity, and availability of information.

We will maintain the confidentiality of all data within the practice by:

• 👩‍⚕️ Ensuring that only authorised persons can gain access to our systems

• 🚫 Not disclosing information to anyone who has no right to see it

• 🔑 Using secure passwords and multi‑factor authentication where appropriate

• 📚 Ensuring all staff receive regular training on confidentiality and data protection

We will maintain the integrity of all data within the practice by:

• 🖊️ Taking care over data input

• 📋 Ensuring that all changes are reported and monitored

• 🖥️ Checking that the correct record is on screen before updating

• ⚠️ Reporting all apparent errors and ensuring that they are resolved

• 🔄 Keeping systems updated with the latest security patches and software updates

We will maintain the availability of all data by:

• 🛡️ Ensuring that all equipment is protected from intruders and unauthorised access

• 💾 Taking backups at regular, predetermined intervals

• 📑 Maintaining contingency plans for possible failure, theft, or cyber‑attack

• 🧪 Testing contingency plans regularly and keeping them up to date

We will take all reasonable measures to comply with our legal responsibilities under:

• 📖 Data Protection Act 2018 (full text on Legislation.gov.uk): Data Protection Act 2018 (Data Protection Act 2018)

• 📖 UK GDPR Guidance (Information Commissioner’s Office): UK GDPR guidance and resources (UK GDPR guidance and resources | ICO)

• 📖 Health and Safety at Work etc. Act 1974 (full text on Legislation.gov.uk): Health and Safety at Work etc. Act 1974 (Health and Safety at Work etc. Act 1974)

• 📖 Other relevant NHS and professional guidance

• All staff must immediately report suspected breaches, security incidents, or loss of data to the Practice Manager or Data Protection Officer.

• Investigations will be carried out promptly, and corrective actions taken.

• Portable devices (laptops, USB drives, mobile phones) must be encrypted and secured.

• Paper records and electronic media must be disposed of securely in line with NHS guidance.

This policy will be reviewed annually, or sooner if legislation, technology, or best practice changes.