All of our staff, volunteers and Executive Team receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. All staff are trained to ensure they understand how to recognise and report a data protection breach ensuring that the organisation’s procedure for investigating, managing and learning lessons from incidents is well established.

All identifiable information that we hold about you will be held securely and confidentially. We use strict administrative and technical controls to ensure that only authorised staff are able to see information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.

The hospice also ensures that all electronically stored information, including information collected via our website, is either located on internal servers that are kept up-to-date, protected by passwords and behind a strict network firewall or stored on external servers by organisations that have the certifications to ensure your information is stored securely.

Where we store information on a portable device, the information on those devices will be encrypted to protect against unauthorised access.

All hospice PCs and laptops are protected by up-to-date anti-virus software.

The hospice also ensures that any organisation that we share information with or any support provider that may have the ability to access that information train their staff on data protection and have their own policies, procedures and certifications in place to meet any data protection regulations.

When an individual applies to join the Ayrshire Hospice, personal information about unsuccessful candidates will be held for 3 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

In terms of clinical information, everyone working for the Ayrshire Hospice has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

Where clinical information requires to be sent electronically to another health or social care provider it will only be sent using the NHS Mail secure email system.

We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016. The hospice’s Records Management Policy includes guidance around the secure destruction of information in line with the Code of Practice.

The Hospice has a Caldicott Guardian who is a senior person responsible for protecting the confidentiality of service users and service users’ information and enabling appropriate and lawful information-sharing