Data Protection and Confidentiality for Optical Support Staff

Protecting patient information, privacy and records in everyday optical practice

Exam Pass Notes

Memory spine: Respect, Need to know, Minimum necessary, Secure it, Report quickly

  • Respect: treat private information as part of a patient’s dignity and trust.
  • Need to know: only access, discuss or share information for a genuine work purpose.
  • Minimum necessary: use the least information required to complete the task.
  • Secure it: protect screens, paper, images, devices, emails, texts, photos and records.
  • Report quickly: escalate possible breaches, subject access requests, suspicious enquiries and confidentiality concerns without delay.

What counts as confidential?

  • Names, addresses, phone numbers, dates of birth and appointment details are personal data.
  • Prescriptions, symptoms, eye health records, images, measurements and referrals are health information and need extra protection.
  • Information can be spoken, written, electronic, visual or inferred from context.
  • Staff details are also personal data and must be handled correctly.

Everyday optical risks

  • Reception and phone conversations can be overheard; speak quietly or move to private areas when possible.
  • Relatives, carers and companions do not automatically have authority to receive information; confirm permission or legal authority first.
  • Only open records, images and measurements when needed for a current work task.
  • Do not share passwords, logins or smartcards.
  • Emails, texts, messaging apps, photos, screenshots and AI prompts are common breach routes; use approved channels and take care.
  • Subject access requests may be verbal or written and should be passed to the appropriate person promptly.

If something goes wrong

  • Limit further exposure where it is safe to do so.
  • Inform the manager, data protection lead or your local reporting route immediately.
  • Record the facts: what happened, when, who was involved, which data were affected and what action you took.
  • Do not conceal errors or delay reporting.
