CNMs and DONs – What you should know about the EU GDPR

GDPR for ADONs and CNMs

Are you a Director of Nursing or a Clinical Nurse Manager?

You should know the following about the EU General Data Protection Regulations (GDPR).

There has been a lot of buzz in the HR sector around the new data protection regulations that come into force next year. Last week, I got down to reading up on the GDPR and what struck me was the fact that these changes could potentially affect many of the companies we work with.

What is it and does it affect me?

New data protection regulations are due to come into force in May 2018. These regulations define how organisations use personal data. Personal data is any information that can be used to directly or indirectly identify a person. This includes: names, photographs, email addresses, bank account details, social media posts, medical information and even computer IP addresses.

This also includes medical identifiers such as specific genetic, physical, physiological and mental factors.

Further, health data is held to an even higher protection standard. Therefore, whether you work in a hospice, nursing home or provide day or home-care services, the GDPR will affect you.

The GDPR specifically mentions three health related data sets:

  1.  Data Concerning Health

    This refers to physical and mental health data. This includes information that reveals a person’s health status; such as information about the provision of healthcare services. Case sheets, patients’ records and diagnostic reports all contain health data. If your place of work accesses and stores this kind of information, it’s important to be aware of GDPR and the changes to obtaining, storing and using personal data.

  2. Genetic Data

    This refers to data regarding inherited or acquired characteristics which reveal information about the health or physiology of a person. This particularly deals with data that’s been obtained from the analysis of a biological sample from the person in question.

  3. Biometric Data

    This refers to physical, physiological and behavioural data that’s been obtained through specific technical processing and allows the identification of a person. If part of your security, sign-in or clocking procedures involves fingerprint or iris scanning, this constitutes biometric data.

The processing of these 3 data types is prohibited unless one of the following conditions applies:

  1.  The person whose data you’ve collected must have given explicit consent to the processing.
  2. The processing is necessary for preventive or occupational medicine in order to assess the working capacity of the employee, for medical diagnosis, the provision of health and social care or for the treatment and management of health and social care system and services.
  3. It is necessary for  the public interested in the area of public healthcare.

If you work in a healthcare setting and either:

  • keep patient records.
  • collect and store information regarding patient and service users’ medical history.
  • perform and store medical test results and/or behavioural and physiological assessments.

Then the GDPR is certainly something you should be aware of.

As a CNM or DON you may have access to your staffs’ personnel files and while this may not be health-specific, it may still fall under the GDPR.
At Three Q Perms & Temps, we’re getting GDPR ready. If you would like to find out more, the EU GDPR website has additional resources and Absolute Security Solutions has published a Whitepaper about the EU GDPR in Healthcare.
Have you started preparing for the GDPR? In the coming weeks, I’ll discuss what’s different about the GDPR and what to do to ensure that you’re compliant so if you’re already in the process of changing data-protection policy, let me know how it’s going for you; whether it’s been smooth sailing or difficult to put into place.