End User Systems Access Agreement

This online digital form acts as a formal agreement between Nottingham University Hospitals NHS Trust (NUH), your employing organisation and the submitter. Please do not complete this if your employer has not approved this request and it's terms and conditions. Please ensure your equipment such as Laptop or Desktop is able to run the relevant software such as Nervecentre and you have been issued with an Login / NHS Smartcard. Please ensure your equipment such as a Laptop or Desktop has a smartcard reader if using a Smartcard.

All parties will abide by the Standard Information Sharing Charter for Trusted partners outlined on NUH website below:

Standard Information Sharing Charter

The purpose of this agreement is to enable staff across organisational boundaries to work together more effectively and efficiently, ensuring that patients receive the care and support they need, when and where they need it.

Allowing you access to NUH's systems will ensure essential information is accessible to aid seamless transfers and provision of care.

The access granted will be for 'Direct Care Purposes' only.

Direct Care has been identified by the National Data Guardian 2016 as:

“Direct care: A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals’ ability to function and improve their participation in life and society. It includes the assurance of safe and high quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care."

All parties to this agreement will, as appropriate, ensure that records which are being accessed are accurate, complete and up-to-date.

All technical equipment and infrastructure in accessing this system will meet current NHS security standards and provided by your main employer.

Access to the agreed data will only be used for the agreed purpose as set out in this agreement and on a need to know basis, with robust access procedures in place and strict role based access controls.

Legal Basis for Access

There are a number of Acts which make provision for the sharing of information and impose obligations on the use of personal information for direct care these are;

The Human Rights Act 1998
The Health and Social Care Act 2012
Care Act 2014
The Mental Health Act 2005
The Data Protection Act 2018
Common Law Duty of Confidence

Signatories will ensure that the security and confidentiality of this data is safeguarded and there is no unlawful disclosure.

Duty of Confidence Agreement

Introduction

All information, both written and computer based, relating to patients’ diagnosis and treatment, and to the personal details of members of staff and patients, is strictly confidential. The Trust and anyone accessing this information for ‘direct care purposes’, have a binding legal obligation not to disclose such information to any unauthorised person(s).

This duty of confidence is given legal effect by reference to the Data Protection Act 2018 and the ‘right or privacy’ under the Human Rights Act 1998. It applies to any information which is processed by the Trust (i.e. stored, retained, maintained as a record, amended or utilised for the Trust’s purposes as an NHS Trust), from which a living person is capable of being identified.

Individuals must also observe the “need to know” principle. No individual may seek out any information that they do not need in order to undertake their duties. This applies to the clinical or other personal information of any third party.

In addition to the above, everyone working for or with the NHS who records, handles, stores or otherwise comes across information has a personal common law duty of confidence. This applies equally to those, such as students or trainees on temporary placements.

The implications of not keeping information confidential or in deliberately seeking out personal information that is not required in the course of an individual’s work can, in certain and extreme cases, lead to:

• Disciplinary action
• Professional conduct proceedings
• Legal proceedings/claims for compensation
• Criminal proceedings in certain cases


There are exceptions to the general duty of confidence. If you are unsure and or require further information, please contact a member of staff within the Information Governance Department or your line manager.

Staff are permitted to make disclosure of patient information within the Trust to individuals who require access to that information:

• for the purposes of the diagnosis, treatment and care of patients (who are the subject of the records)

Confidentiality of Written Medical Records

Under no circumstances should information be disclosed by unauthorised persons, any requests for information must be directed to the appropriate person and organisation.

Confidentiality of Computer Based Information

Any information held on computer information systems is governed by the Data Protection Act and Computer Misuse Act 1990 and must not be disclosed without appropriate Authorisation.

Password(s) issued to individual members of staff, to gain access to any computer information system must remain known only to them and under no circumstances should this be divulged or shared with any other person.

Under no circumstances should computer information systems be left active whilst unattended, unless the information is hidden and secured by a password protected screensaver or similar device.

Security Policies and Procedures

This statement is compliant with the Trust’s policy on information sharing and the protection of patient information which will from time to time be updated to take account of changes in the legislation which applies to patient information. Staff will be notified of any such changes as they arise.

Staff Acknowledgement

I, as a member of staff dealing with confidential information acknowledge:

1. Medical records, including extracts and information taken from the medical records, are strictly confidential and the greatest care and secrecy must be maintained regarding their contents and safekeeping.

2. The medical content of patient records should not be discussed by me with any other staff except for training purposes and in the essential course of duty.

3. The use of patient names, addresses or other personal details, for any other purpose than that for which it was originally collected (i.e., the treatment of the patient by the health care professional) is not allowed, nor should details be given to or used by any other party for any reason.

4. Personal details relating to staff members and patients should not be discussed by me with any other member of staff except in the essential course of duty.

5. Deliberately seeking out personal or clinical information relating to another person not required by me to undertake my work is forbidden and I agree to abide by the requirements of this and other Trust policies / procedures relating to the security and confidentiality of medical records / patient information.

I understand that any breach of these requirements could result in disciplinary action.

NHS Smartcard Terms and Conditions

Online NHS Smartcard Terms & Conditions