Confidentiality and security of information

Information held about patients should be accurate, available to those who need to see it, and yet remain confidential. These three principles, especially the last two, may be difficult to achieve together. Electronic record systems can use sophisticated processes, such as Role-Based Access, Legitimate Relationships, and Sealed Envelopes, to enable appropriate security. Use of patient information is covered by legislation, such as the Data Protection Act, by guidance, such as the Care Record Guarantee, and by local information governance processes, such as the Caldicott guardian and Trust Data Protection Policies. Healthcare professionals must be aware of all these, particularly when keeping information for their own use (e.g. logbooks).