Data Quality Policy

Forever Dental and Skin needs accurate, reliable, and timely data to provide the best service to patients, employ an effective team, and meet internal and external requirements.

This policy defines our approach to data quality; it includes paper and electronic records.

The Information Governance Lead, Murray Pratt, is responsible for this policy.

The practice maintains data quality to:

• Meet the requirements of UK GDPR and the Data Protection Act 2018
• Manage an effective dental team
• Manage healthcare planning
• Keep accurate NHS forms
• Provide appropriate and timely prevention and treatment to patients in line with current research and best practice guidelines
• Have accurate management information to maintain standards
• Monitor and review activities for continuing improvement

The obligations of the team to maintain accurate data include:

• The Department of Health, the Data Protection and Security Toolkit requirements
• The Data Protection Act 2018 and UK GDPR
• The Freedom of Information Act (2000)
• The Access to Health Records Act (1990)
• Contracts of employment
• Professional codes of practice

The practice data quality standards are:

• Defined and consistent:
  • Team members understand the data that is being collected, and it must be internally consistent
• Timely:
  • Data is collected at the earliest opportunity, clinical notes are contemporaneous, and data is retained for the minimum length of time defined in the Record Retention Schedule (M 215A)
• Complete:
  • Data, as required, is captured in full
• Free from duplication:
  • Data such as patient records or marketing details are not duplicated
• Complete:
  • The required data, such as for a patient record, is complete
• Legitimacy, data is collected following the seven key principles of GDPR:
  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

How we check data quality

• We follow guidance in our Information Governance Procedures (M 217C) for the collection, storage, security, retention and deletion of personal data
• At every patient consultation appointment, we check with the patient that their personal data such as name, date of birth and other patient details in their clinical record is correct
• Whenever we carry out email marketing, we check for email bounces and delete those personal details
• Each year, we review the data requests that we have had from people and make sure that the correct procedure has been followed
• If there is a duplicate patient record, we follow the practice procedure to remove/combine duplicates

Caldicott Principles

We follow the eight Caldicott principles applying to the handling of patient-identifiable information, which are:

1. Justify the purpose(s) for using confidential information
2. Use confidential information only when it is necessary
3. Use the minimum necessary confidential information
4. Access to confidential information should be on a strict need-to-know basis
5. Everyone with access to confidential information should be aware of their responsibilities
6. Understand and comply with the law
7. The duty to share information for individual care is as important as the duty to protect patient confidentiality
8. Inform patients and service users about how their confidential information is used

Training

The Practice Manager, Larisa Zlat, is responsible for training all staff on the importance of the accuracy of any data they input and of always checking patients' details. Information governance and data security training is provided during annual practice meetings.

Review

This policy is reviewed annually.

Related documents

This policy should be read in conjunction with the Data Protection and Information Security Policy (M 233-DPT).