Records, role-based access, retention, and secure disposal

Good confidentiality practice depends on how information is created, stored, accessed and destroyed. Routine, old or printed records, and items waiting by the printer can still contain sensitive information.

Role-based access and secure working

• Access only what you need for your current role: do not open records out of curiosity or for future use.
• Keep records accurate: errors in names, addresses, medicines or contact details increase privacy and safety risks.
• Use clean-desk and clear-screen habits: close PMR screens, service forms and label previews when not actively using them.
• Keep paper secure: store documents in locked areas and collect printouts promptly.

Retention and disposal

ICO guidance on special category data requires keeping only the minimum necessary and following retention and deletion policies. Practically, keep records for the period required by law or your pharmacy's policies, and dispose of them securely once they are no longer needed.

• Do not put confidential paperwork in general waste: use confidential waste sacks, locked bins or secure shredding services.
• Dispose of labels, consultation notes and printouts properly: even small fragments can identify patients.
• Follow IT disposal processes: deleted files, old devices and removable media must be processed through approved disposal routes.
• Escalate uncertain records: if you are unsure whether a record should be destroyed, ask a manager or data protection lead.