We understand our responsibility to keep information secure. We work hard to protect the information we hold from unauthorised access, alteration or destruction. In particular we:
- have clear policies and procedures in place regarding information security
- review our policies and procedures regularly to guard against unauthorised access
- restrict access to personal information to those who need to process it
- have contractual confidentiality agreements in place with all those who need to access/process the information
- use robust technical solutions to support secure connections between web browsers and our web servers
Patient identifiable information
Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside for the collection and use of patient identifiable information. Approval is only given where the work aims to improve patient care and is in the public interest.
The work we do at The Trauma Audit & Research Network has been approved and our approval is reviewed annually. It is reviewed by the Confidentiality Advisory Group, within the Health Research Authority. Part of the approval process is focused on the security of the information collected.
Confirmation of legal basis for processing of person identifiable data
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.