The CQC Code of Practice on Personal Information

As a regulator it is the job of the CQC to check whether Hospitals, Care homes, GPs, Dentists and Services in your home are meeting national standards.

Most organisations that the CQC regulates process sensitive personal information in addition to personal information.  The Information Commissioners Office explains that sensitive personal information means personal data consisting of information as to –

(a) the racial or ethnic origin of the data subject,

(b) his political opinions,

(c ) his religious beliefs or other beliefs of a similar nature,

(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) his physical or mental health or condition,

(f) his sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

As it is presumed that this type of information can be used in a discriminatory way and is of a very private nature. Fines for data breaches concerning sensitive personal data are often the highest issued by the ICO.

The attachment below is the CQC’s code of practice with relation to personal information, the CQC requires that the organisations that it regulates take measures to ensure personal information is handled appropriately, this includes steps taken to dispose of the information once it is no longer required. Secure shredding services help organisations comply with this particular requirement of the code of practice.

CQC Code of Practice on Confidential Personal Information

If your organisation is regulated by the CQC we can help ensure that you are compliant with the destruction element of this particular code of practice. Call us today on 0333 360 1084