As you will be aware, medical records are classed under the Data Protection Act ("DPA") as sensitive personal data. As part of the process of using Vu, UKIM asks you to remember all your obligations in respect of such sensitive personal data in respect of handling and storing such data and reminds you that you must comply with the principles for the protection of personal data in the DPA.
We recommend that you do not download or print off the medical records available to you in Vu but that you review them on screen.
However, we recognise that there may be circumstances where you need to print off or download sets of medical records. In such circumstances, we would ask you to keep in mind that many of the accidental disclosures of personal data reported by the Information Commissioner involve circumstances where mobile devices (e.g. laptops, memory sticks, CD-ROMS, flash drives) used to store and transmit personal information are mislaid or stolen. Accordingly, all computers and mobile devices you use to store and transmit medical data should be protected using passwords or appropriate encryption software. All paper or non-encrypted medical data must be stored in locked filing cabinets either in your home or your consulting rooms.
All copies of medical records should be destroyed immediately after you have sent the medical report to UKIM. You should destroy paper documents by shredding them (ideally cross-shredding them). You should destroy electronically stored documents by fully deleting them from the device or by physical destruction of the device (e.g. CD).
If you require further information in respect of the provisions of the DPA, please refer to the Information Commissioner's website at www.ico.gov.uk