Data protection law does not stand in the way of providing healthcare and the management of public health issues.
However, any measures taken must be necessary and proportionate. There are important considerations to take into account when handling personal and health data. Data processing to help prevent the spread of COVID-19 must ensure health and personal data are kept secure.
The identity of an affected staff member should not be disclosed. This includes to their colleagues or to third parties. This can only be done where there is a clear justification to do so.
Contact your local data protection officer if you have any queries or concerns around data processing and protection
Protecting personal data when working remotely
Measures to control and prevent the spread of COVID-19 will involve more people working away from their usual office environment.
- Paper-based files containing personal information of clients should not be taken home unless it’s absolutely necessary. If your manager has carried out the required risk assessment and decided it’s necessary for you to have such files at home, then you will need to take extra care to ensure that all information is kept private and secure.
- You can do this by keeping them locked in a filing cabinet or drawer when not in use and making sure they are not left somewhere where they could be stolen or misplaced.
- Please ensure that any paper-based files containing information on clients are not stored in a laptop bag when at home as many burglaries target electronic equipment such as laptops and phones and a laptop bag is a prime target for a burglar.
- Please do not share patient information on personal email (non HSE) or WhatsApp.
- Follow normal HSE ICT policies and procedures around the use of email.They continue to apply when working from home and you should only use HSE computers and devices with the appropriate security features built-in.
- Use your HSE work email accounts rather than personal ones for work-related emails involving personal data.
- Be careful not to send sensitive information to personal e-mail addresses which are not always secure.
- Before sending an email, ensure you’re sending it to the correct recipient.
If you have any queries or concerns in this regard contact your local data protection officer.