04 May 2018

Q. How should we handle unencrypted patient identifiable data under GDPR?

A. As part of your preparation for GDPR, you must commission an information security audit of your practice's computers and network. This should be an external audit. The information security audit should search for unencrypted patient identifiable information on the hard drives of practice computers and servers. Possible examples include downloaded electronic messages, GMS panel lists, referral and discharge letters, scanned documents and spreadsheets.

Advice should be provided by the information security auditors on how to manage such files, whether through incorporation into the GP practice software management system, deletion, encryption at rest, or other means.