Exam Pass Notes

Core Principles
- Handle patient information lawfully, fairly and securely, and use it only for authorised purposes.
- Health records are special category data and require heightened protection.
- Apply data minimisation: collect, access, print, copy and share only what is necessary for the task.
- Keep records accurate, factual and respectful, and ensure each record is linked to the correct patient.
- Protect confidentiality in conversations, on screens, paper forms, messages, emails and devices.

Dental Nurse Practice
- Do not share logins, leave screens unlocked or access records out of curiosity.
- Verify identity and authority before discussing information with callers, relatives, representatives or third parties.
- Use approved practice systems. Do not use personal phones, personal email, unapproved cloud services or public AI tools for identifiable patient information.
- Recognise and escalate patient rights requests, including requests for access to records, without delay.
- Raise concerns calmly if confidentiality, record accuracy or information security is at risk.

Breaches and Learning
- A breach can be accidental as well as deliberate: examples include sending information to the wrong recipient, losing paper records, leaving a screen visible, unauthorised access or altered information.
- Contain what you can safely control, but do not delete evidence or investigate alone.
- Report incidents promptly through practice policy so the data lead, manager, dentist or DPO can assess risk and act.
- Certain breaches must be reported to the ICO; delays can increase regulatory and patient risk.
- A practical, calm approach focused on learning improves data protection in the long term.

