Five principles of good data hygiene

Before discussing or sending any information over any digital channel,whether web, email or chat, it’s worth thinking through the following simple checklist.


1. WHAT is the nature of the data you’re sending?

Is it sensitive? Is it about someone else? If so, can you make them anonymous (take out their name if you’re sending a text; crop out their face or other distinguishing features, if it’s a picture). If you can’t anonymise them, are you using a fully compliant service like Hospify?

2. WHY are you sending it?

If you are sending information about someone in the course of providing them with healthcare, you do not need their direct consent as long as you are doing it in the course of your job and are handling it in a sensible and responsible manner (this is called “fair process without consent”). If this doesn’t cover what you’re doing, you probably need to get their permission first.

3. WHERE is the data going?

Are you sure that the servers the data will travel through and be stored on are all in the UK or Europe? Do you know where the data will be stored? Will the data be deleted once it’s been sent? (Clue: Using a service like Hospify really helps with this!)

4. WHO defines the guidelines for handling the data?

If you’re sending the data in the course of your job, your responsibilities in handling data will be defined by your employer. You should therefore make sure you’re familiar with their information governance (IG) policies. These should include a set of recommendations for best practice.

5. WHEN do you stop needing the data?

Once you’re finished with the data, the best thing to do is delete it from your phone. If you think there’s a medical or legal reason to keep it, you should make sure you record it in the patient’s medical record or pass it to the appropriate manager for proper archiving.