We are Guardians of Patient Privacy
#3 What is my role and responsibility with personal data? (July 2024)
Ensuring the confidentiality and security of patient information is paramount to our commitment to quality healthcare. As valued members of the Mediclinic family, it is crucial that each employee upholds the highest standards in data privacy.
Using computers, applications and medical devices, almost every employee in Mediclinic is involved in data processing. Protecting and securing personal data is essential and you play an important role in the entire data privacy framework.
If you are a clinic manager, department head, unit manager, business process owner, project owner or project manager, you have the role of a DATA OWNER. Your responsibilities are:
- To implement privacy and data protection into business processes and units you represent.
- To implement the data protection principles into the business operations you are responsible for.
- To compile and maintain the data register (data set and data flow inventory), assisted by the Privacy Champions.
- To initiate and conduct data privacy impact assessments in areas of high-risk processing activities and to implement corrective actions.
- To monitor compliance with the Privacy and Data Protection Policy and other policies and standard operating procedures and to perform or assign corrective actions.
As EXECUTIVE DIRECTOR or HOSPITAL DIRECTOR, you are ultimately accountable for privacy and data protection compliance in the company and the facilities. Your responsibility is:
- To ensure that an adequate framework, organisation, compliance monitoring and reporting for privacy and data protection matters are in place.
The Information and Communication Technology (ICT), Engineering and Biomedical departments provide and maintain technology of all kinds for healthcare services and business operations. If your role involves implementing and maintaining technology, you are a DATA CUSTODIAN and your responsibilities are:
- To implement, maintain, monitor and update security controls related to data sets and data flows in any information, communication, technical or biomedical system or device or application.
- To implement safeguards, mechanisms and security controls in order to enable Mediclinic to comply with the data protection principles.
- To implement privacy and security by default in systems, devices and applications.
- To evaluate and procure systems, devices and applications that provide appropriate security controls and, if available, built-in privacy and security features and settings (privacy and security by design).
All employees of Mediclinic, whether a doctor, nurse, health care worker, clerk, officer, manager or any other type of employee, who have access to or process personal data, have the role of a DATA STEWARD. Your responsibilities are:
- To handle patient and employee data with care, whether on paper or digitally stored, and never to leave patient and employee data unattended in publicly accessible areas.
- To read and to adhere to the Privacy and Data Protection Policy and to other policies regarding health data and information.
- To adhere to the standard operating procedures (SOPs) related to your job profile and tasks, and to comply with the privacy and security controls built into those SOPs.
- To adhere to information security controls and procedures when executing your tasks.
- To undertake regular data privacy and information security training.
- To report a breach of confidentiality or security immediately.
Remember, our dedication to patient well-being extends beyond medical care; it includes safeguarding their privacy. Let us all contribute to fostering an environment where patients can trust that their information is handled with the utmost care and respect.
Thank you for your commitment to upholding the values that make Mediclinic a trusted healthcare provider.