GDPR for care home, Compliance Software 15Jan, 2018
GDPR? What is it and what does it mean to your care organisation

Put May 25, 2018 in your diary as a significant date. This is when the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR).

All personal information your care home has needs to be protected and handled in line with GDPR.

Personal information, in the GDPR context, is information that can identify living individuals (either on its own or on conjunction with other information already available).

GDPR Readiness

Some examples below:

  • Name
  • DOB
  • Address
  • Gender
  • NHS number
  • Occupation

All organisations who deal with special categories of personal data will have to comply with GDPR. Special categories of personal data can include the below:

  • Health information
  • Information relating to race, ethnicity, religion, or sexual orientation

To comply with GDPR, you will need to ensure that personal information is:

  1. Processed fairly, lawfully, and in a transparent manner
  2. Collected for specified, limited purposes
  3. Adequate, relevant and limited to what is necessary
  4. Accurate and kept up-to-date
  5. Kept in a form which permits identification for as long as necessary and no longer
  6. Processed in a manner that ensures appropriate security

Points to consider:

Legal Basis and Consent

  • Under GDPR, if your legal basis for collecting and sharing personal information is consent, then that consent needs to be informed, explicit, and recorded. You will only be able to use the information for the consented purpose, and any further use will require further consent. Can you currently evidence this?
  • There are other legal alternatives for collecting, using and sharing personal and special category data that may be more appropriate than consent, such as it’s in the vital interest (life or death) of the individual concerned. Are you aware of all of these?
  • You will need to document the legal basis for all personal information your organisation utilises.

Data Quality

  • Do you have data quality controls in place to ensure your information is accurate and up-to-date?

Retention Periods

  • Are you aware of retention periods relating to all information types so you are compliant with GDPR? You will need to document this under GDPR.

Information Security

  • Care home providers could be exposed if they are using paper or archaic care systems that are not designed with the latest standards of encryption and secure access
  • Under GDPR, you will be responsible for ensuring any contracted third-parties do not compromise your compliance with GDPR. Can you be certain that your system providers meet the GDPR requirements?
  • Do you hold personal data on external hard drives or USBs? What are your security controls for these mobile devices?
  • Do you have access and audit controls in place to ensure only authorised staff are seeing sensitive information?

Subject Access Requests

  • Both staff and residents can request to see what information you hold on them (a subject access request). Under GDPR, the timeframe for legally responding to these is changing, as is the ability to apply a fee. Have you updated your processes to reflect these changes? Are all staff and residents aware of this right?
  • Can you access your information quickly to comply with these requests? Do you know where all your information is stored?

Dependant on how you have answered the above, your care home may not be compliant with the new GDPR regulations.

Want to know more information on GDPR? Follow this link for the Information Commissioner Office 12 step guide to becoming compliant.

Cura Systems can help!

Don’t panic, there is an easy way to becoming compliant with GDPR. That is to utilise a company that understands data protection legislation on special categories of personal data and is committed to supporting other organisations in being compliant with GDPR.

Cura Systems offer intelligent and modern care planning system, medication management, staff planning, mobile care monitoring, notes, electronic care plans, and time and attendance monitoring software.

Using Cura will provide you with some reassurance that your information is secure and quickly accessed when needed, but only accessible to authorised individuals. Cura does this, and more, for care companies while also empowering them to utilise their information in a way that makes their information more useful to increase service efficiency and enable them to achieve to golden care and management standards.

Give your care home the competitive advantage, talk to the Cura Systems team today. Email info@cura.systems or call us on 020 3621 9111.

We are committed to executing a robust data protection strategy to ensure Cura Systems’s electronic care management  is compliant with GDPR and other data protection legal requirements

Data Protection, GDPR Awareness 9Jan, 2018
Cura is committed to executing a robust data protection strategy

We are committed to executing a robust data protection strategy to ensure cura systems complex care management software is compliant with gdpr and other data protection legal requirements.

Data Protection Compliance

We have recruited a Data Compliance and Security Officer, Jessica Hiscock, on a full time basis to inform and advise Cura Systems and our employees about our obligations to comply with the GDPR and other data protection laws. More importantly, to provide us with the means to do so through the task of producing and implementing relevant policies and procedure, as well as spreading awareness and knowledge through training.

Ensuring Robust Data Protection with Jessica Hiscock as Data Compliance Officer

Jess previously worked within the Data Protection and Confidentiality Department at Abertawe Bro Morgannwg University Health Board, covering both Information Governance and Information Security remits. She was the department’s lead trainer to over 16,000 staff (as well as additional voluntary staff, students, and contracted employees), the lead auditor on data protection compliance across the whole Health Board, and the first point of contact for any queries.

She will monitor and audit Cura Systems compliance with GDPR and other data protection laws and advise on any identified information risks. Her role is primarily a preventative-focused one where, instead of waiting for a data breach to occur, she is instead tasked with anticipating threats to information and actively working to prevent them from having real-world negative impacts. Jess is also here to support disaster recovery and business continuity management to ensure that any incidents are appropriately managed to reduce harm to Cura Systems and its data subjects.

Susuana Ocansey, our National Delivery Manager and her team will be your first point of contact for any queries (internal or external) regarding the data we process and will ensure that individuals are aware of their rights regarding the information we hold about them.

Contact the Cura Support team for more information, call 020 3621 9117 or email support.cura@cura.systems.