The Data Protection Act 1998 covers any information that can be used to identify a living person held on a computer or ‘relevant filing system’ (which may be paper-based). Schedule 1 of the Data Protection Act 1998 lists the data protection principles in the following terms:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
All processing of Personal Data must abide by the principles set out above in the Data Protection Act 1998. In summary these principles are that data must be:
- Processed fairly and lawful
- Adequate relevant and not excessive
- Accurate and where necessary kept up to date
- Not kept for longer than necessary
- Processed in accordance with the subject’s rights
- Kept secure
- Not transferred abroad without adequate protection.
The data fields currently collected by Perioperative Logbook include the patients age, the date of the operation, CEPOD grade, ASA grading, operation area, airway information, block details and course details undertaken including hours and credit if applicable. This data is collected for the purpose of the Perioperative Practitioners personal log and to provide evidence of continued practice as required by the HPC Professional Deleration. On their own, these data fields do not allow unique identification of an individual and are meaningless without access to a confidential hospital database, and it is estimated that 340,000 births occur globally each day. The Perioperative Logbook does not allow the inputting of patient identifying data fields.
To gain access to Perioperative Logbook users have to agree to the Terms & Conditions and access their account with an active username and password. The information collected is owned by the Perioperative Logbook who has collected that data and acts as Guardians of the data. No other individual or body shall have access to individual Perioperative Practitioners data without the approval from the Perioperative Logbook administrator. ThePerioperative Logbook data will be monitored by members of the Perioperative Logbook administrator team who will be able to advise on the data collection fields, the analysis of data and the accuracy of the data.