[Skip to content]

East Midlands Strategic Health Authority
Search our Site
.

Safe Haven Procedure

Background

Safe Haven is a term used to explain an agreed set of arrangements that are in place in an organisation to ensure confidential person identifiable information (e.g. patients and staff information) can be communicated safely and securely. 

Safe Haven Procedures act as a safeguard for confidential information which enters or leaves the organisation, whether this is by facsimile (fax), e-mail, post or other means. Any members of staff handling confidential information, whether paper based or electronic must adhere to the Safe Haven Procedure.

Purpose

To create an organisational wide procedure that will ensure that confidential information in any medium will be transmitted safely and provided with appropriate security.

Scope

This procedure must be adopted by anybody employed or working on behalf of NHS East Midlands or who is, or may be, involved either directly or indirectly with the transfer of personal and confidential information to contacts within and outside NHS East Midlands.

Information relating to NHS East Midlands business may be in any form including computerised files / documents, e-mail messages (and attachments), fax messages, telephone conversations, hard copy documents / letters and information held on magnetic / optical media, being distributed through internal and external mail systems.

Responsibilities

  • Each Director, in their area of responsibility, must ensure that all staff are aware of their responsibilities concerning the handling of confidential / sensitive information, and must ensure that the guidance within this procedure is adhered to.  They must ensure that all sources of confidential / sensitive information sent into and out of NHS East Midlands are advised of the requirements of this policy.
  • All Staff employed by, or working on behalf of, NHS East Midlands involved in the handling of confidential / sensitive information have a duty to respect a data subjects rights to confidentiality and to follow the guidance in this procedure.
  • NHS East Midlands Information Governance Workstream Lead will provide advice as necessary.

 

Processes for Handling Information Securely

Any person-identifiable information received and sent from within the NHS must be handled using the safe haven procedures. The following section details the processes for handling information securely related to specific communication methods.

For the purposes of this procedure NHS East Midlands considers all it’s building with physical security access (restricted to authorised personnel) as safe havens.

Mail

  • All external correspondence must be clearly and accurately marked with the name and address of the recipient. 
  • When sending sensitive material double envelopes must be used. 
  • Sensitive or personal mail should be marked “addressee only.”
  • Bulk person identifiable information (10 or more records) sent via mail must be sent using Royal Mail’s “Special Delivery” service.
  • Further guidance on the processing of information by mail can be found in NHS East Midlands Transportation of Records Procedure.

 

Faxing

  • Wherever possible, frequently dialled numbers must be stored in the memory of the fax machine (speed dial) to reduce the chances of dialling an incorrect number.
  • The fax machine must not be left unattended if waiting to re-dial.
  • If it is necessary to send information by fax, the sender must notify the recipient (or duly authorised person) prior to transmission. Once the transmission is sent the sender must then contact the recipient to confirm receipt.
  • A standard cover sheet containing a “Confidentiality Clause” must be used (see sample attached as Appendix ‘A’).
  • Only the minimum amount of relevant information required by the recipient must be included.
  • In the event of the intended recipient not being present, received faxes must be handed to the intended recipient (or duly authorised person) immediately, and not left in the print tray.

 

Telephone

  • Incoming and outgoing calls may generate confidential / sensitive conversations. Caution must be exercised to ensure sensitive conversations are not overheard.
  • When disclosing confidential or sensitive information over the phone consideration must be given to authenticating the caller.
  • If the information being given is confidential but irrelevant, the caller must be stopped.
  • Confidential information received over the telephone must be processed appropriately, in accordance with existing standards and / or legislation.

 

E-Mail

  • Person identifiable information must only be sent by e-mail when deemed to be absolutely necessary.  This information should be sent to and from an NHS.net account.  If this is not possible the identifiable information must be included within an attached encrypted password protected document, spreadsheet or database. Inclusion within the main body of the e-mail is not permitted.
  • All attachments containing confidential / sensitive information must be password protected. The password must be delivered to the intended recipient via the telephone, and not via email.
  • Steps must be taken to ensure that any confidential / sensitive information is sent to the mailbox of the person or persons who are authorised to see that information and that no unauthorised persons have access to that mailbox / those mailboxes.
  • Before sending / receiving confidential / sensitive emails, confirm the email address with the other party, spelling any words that may cause errors. In addition test messages must be sent.
  • Use must be made of the e-mail “Tracking Options” where available to notify that a message has been delivered and / or read. Otherwise the sender must be telephoned to confirm receipt.
  • A copy of the e-mail and its attached documents must be stored appropriately within manual and / or electronic records, and the original email deleted from both the inbox and deleted items.

 

Appendix A

FAX COVER SHEET

Address

 

IMPORTANT INFORMATION

§         The information contained within this fax is confidential and may be legally privileged.

§         It is intended solely for the addressee.

§         If you are not the intended recipient, any disclosure, reproduction, distribution or other actions taken or otherwise in reliance upon the information is prohibited, and may also be unlawful. 

§         If this document is received by anyone other than the intended recipient, please contact the sender immediately.

To:

      

From:

      

Tel  No: 

      

Tel No:

      

Fax No:

      

Fax No:

      

Date:

      

E-mail:

      

Number of pages (including this cover sheet):       

Message:             

  • pdf
  • Safe Haven Procedure [pdf / 90KB] This document compliments the Transportation of Records Policy creating an organisational wide policy that aims to ensure that confidential information in any medium will be transmitted safely and provided with appropriate security.