Clinical Information Systems – Access & Audit – 7.03
SECTION:
7 – CONFIDENTIALITY AND INFORMATION GOVERNANCE
PROCEDURE:
7.03
NATURE AND SCOPE:
POLICY & PROCEDURE - TRUST WIDE
SUBJECT:
CLINICAL INFORMATION SYSTEMS – ACCESS & AUDIT
This policy and procedure aims to provide an effective and robust framework for
safeguarding Patient information contained within RiO.
DATE OF LATEST RATIFICATION:
APRIL 2015
RATIFIED BY:
STRATEGIC INFORMATION GOVERNANCE GROUP
REIVEW DATE:
APRIL 2018
IMPLEMENTATION DATE:
MAY 2015
ASSOCIATED TRUST POLICIES
AND PROCEDURES:
ISSUE 2 – MAY 2015
Information Sharing Between Professionals, Service Users and
Carers Policy - 4.01
Information Systems Security Policy & Procedure - 7.01
Safe and Secure Handling of Confidential Information - 7.04
Information Life Cycle - 7.05
Clinical Records Management Policy & Procedure- 7.06
Operation of a Registration Authority Policy - 7.07
Information Services Data Quality Policy - 7.08
Access to Information Policy – 7.09
Information Technology Acceptable Use Policy & Procedure7.10
Digital Investigations Policies & Procedures- 7.12
Information Governance -7.15
Information Risk - 7.16
Clinical Information Systems – Access & Audit – 7.03
NOTTINGHAMSHIRE HEALTHCARE NHS FOUNDATION TRUST
U
CLINICAL INFORMATION SYSTEMS - ACCESS & AUDIT
U
CONTENTS
1.0
Introduction
2.0
Policy/Procedure Principles
3.0
Definitions
4.0
Duties
5.0
Clinical Information System User Responsibilities
6.0
Conditions of Access to Clinical Information Systems
7.0
Sponsorship
8.0
Training
9.0
User Roles and Levels of Access
10.0
Legitimate Relationships and Patient confidentiality
11.0
Systems Administration
12.0
Auditing Access to Patient Information
13.0
Live and Anonymous Information Held for Testing
14.0
Live Information Held for Archiving and Back-Up
15.0
Implementation
16.0
Target Audience
17.0
Review Date
18.0
Consultation
19.0
Relevant Trust Policies
20.0
Monitoring Compliance
21.0
Equality Impact Assessment
22.0
Legislation Compliance
23.0
Champion and Expert Writer
24.0
References/Source Documents
Appendix 1 –Authorised Sponsors
Appendix 2 – List of Staff who can Request Ad-Hoc or Unscheduled Access Audits
Appendix 3 – Record of Changes
Appendix 4 – Employee Record of Having Read the Policy/Procedure
ISSUE 2 – MAY 2015
1
Clinical Information Systems – Access & Audit – 7.03
NOTTINGHAMSHIRE HEALTHCARE NHS FOUNDATION TRUST
U
1.0
CLINICAL INFORMATION SYSTEMS - ACCESS & AUDIT POLICY & PROCEDURE
U
INTRODUCTION
1.1
The Trust has a legal obligation to comply with all appropriate legislation in respect of
Data, Information, IT Security and Records Management. It also has a duty to comply with
guidance issued by the Department of Health, other advisory groups to the NHS and
guidance issued by professional bodies.
1.2
All legislation relevant to an individual’s right of confidentiality and the ways in which that can
be achieved and maintained are paramount to the Trust. This relates to roles that are reliant
upon both manual and computer systems.
1.3
This policy and procedure sets out how access to Clinical Information Systems along with
appropriate audits measures will be managed in a way that enables the Trust to honour
these obligations.
2.0
2.1
3.0
U
POLICY/PROCEDURE PRINCIPLES
This policy and procedure ensures appropriate safeguards and processes are in place,
which in turn ensures Patient information is held securely, confidentially and that clinical and
physical risks are reduced by the safe and appropriate availability of information.
U
DEFINITIONS
3.1
Clinical Information Systems are used by Nottinghamshire Healthcare and forms an
important part of the Electronic Patient Record (EPR).
3.2
Clinical Information Systems within this document are classed as all electronic systems
and/or databases containing Patient identifiable information in use within the Trust.
3.3
A Legitimate Relationship exists where it is appropriate for a system user to have access to
the information of Patients whose care they are directly supporting.
3.4
A Self-Declared Relationship exists where a system user has a requirement to access
Patient information not automatically included within a Legitimate Relationship. Clinical
Information Systems require additional clarification and information accessed this way is
subject to further audit controls.
3.5
There are various sponsors within the services / localities who “sponsor” the access to
clinical Information systems to enable individuals to use and access systems. The sponsor
is responsible to the legitimate relationships highlighted along with notifications of any
changes which may impact on the access requirements.
3.6
HIS relates to the Health Informatics Service, a corporate department of Nottinghamshire
Healthcare.
3.7
Systems Administration is the main team responsible for administering the Trust’s main
Clinical Information Systems. Part of HIS. (see 3.6)
ISSUE 2 – MAY 2015
2
Clinical Information Systems – Access & Audit – 7.03
4.0
U
DUTIES
4.1
The Information Asset Owner/s (IAO) as agreed and identified on the Information Asset
register have overall authority for access to relevant Clinical Information Systems and the
access model/guideline employed to manage access to them.
4.2
The Information Asset Administrator/s (IAA) have operational responsibility for managing
access to Clinical Information Systems and Reports in line with the access model/guidelines
authorised by the IAO/’s.
4.3
The Clinical Information Systems Manager has overall responsibility and is responsible for
defining and agreeing access requests in liaison with the IAO, that fall outside of the normal
guidelines set out by the access model.
4.4
Sponsors are responsible for appropriate authorisation of system users and ensuring the
details of those whom they have sponsored are up to date, appropriate and accurate. (See
section 7 for further details).
5.0
U
STAFF RESPONSIBILITIES
5.1
All professionals within health and social care and third parties working for or with the Trust
are responsible for ensuring that, within their own practice they comply with the relevant
professional standards as well as those standards defined locally and nationally.
5.2
In practice, staff are responsible for any records, which they create or use. This responsibility
is established at, and defined by law. Furthermore as an employee of the NHS or working
as part of a team within the NHS, any records which they create are deemed to be public
records.
5.3
Everyone working for or with the NHS who records, handles, stores or otherwise comes
across information has a personal duty under the Common Law Duty of Confidentiality. The
Data Protection Act 1998 and the Access to Records Act 1990 places statutory restrictions
on the use of personal information, including health information.
5.4
Individuals who have access to Clinical Information Systems have a responsibility to ensure
that they inform either their original Sponsor or another authorised Sponsor of any changes
to their circumstances, including, but not restricted to a change of:
•
•
•
•
•
•
Name
Team or Service
Role
On call provisions
Termination of contract
Access requirements (additional or removal of surplus information)
5.5
The Sponsor’s responsibilities are detailed in section 7.0
5.6
All Patient related information held within any Clinical Information System forms part of the
Patient record. It is the system user’s responsibility to ensure the information held within the
system is accurate and entered in a timely manner.
5.7
The following policies provide further information on Data Quality and Timeliness:
•
•
Clinical Records Management Policy - 7.06
Information Services Data Quality Policy -7.08
ISSUE 2 – MAY 2015
3
Clinical Information Systems – Access & Audit – 7.03
6.0
U
CONDITIONS OF ACCESS TO CLINICAL INFORMATION SYSTEMS
6.1
The Trust has a responsibility to maintain the highest levels of data protection and security
and must therefore make sure access to any Clinical Information Systems is only available
to appropriate users at all times.
6.2
Access to Clinical Information Systems shall only be granted where a system user:
6.3
6.2.1
Is employed by the Trust, a partner agency with an appropriate information sharing
agreement or holds an honorary contract
6.2.2
Is Social Care Staff working within the Multi-Disciplinary Team
6.2.3
Is required as part of their role to access or maintain Patient information directly in
support of care provided by the Trust
6.2.4
Has been trained or else signed off as a competent user by the Trust’s IT Trainers
6.2.5
Has been sponsored by an appropriate and approved Sponsor
6.2.6
Has signed appropriate forms for access to the Trust’s network and Clinical System,
which confirms their agreement to comply with statutory, national and local policies
Access to Clinical Information Systems may be restricted, suspended or revoked where
system user:
6.3.1
Has failed to comply with section 6.2
6.3.2
Has not accessed the system for twelve consecutive weeks
6.3.3
Has changed their job role and requires additional training in accordance with section
8.0
6.3.4
Has failed, or is suspected of failing to follow best practice guidance in respect to the
use of Clinical Information Systems
6.3.5
Has failed, or is suspected of failing to maintain accurate and up to date information
within the system, in accordance with the Information Services Data Quality Policy
(7.8)
6.3.6
Has breached, or is suspected of breaching Patient confidentiality, is the subject of a
data protection/security investigation or has otherwise failed to maintain appropriate
IT security
6.3.7
Has failed, or is suspected of failing to comply with section 10.0 in respect to Patient
confidentiality
6.3.8
Has failed, or is suspected of failing to maintain the confidentiality of their user name
and password for any Clinical Information System/s or other IT system
6.3.9
Is subject to any other form of investigation requiring the suspension of their access
to Clinical Information System/s as authorised by a senior manager
6.3.10 Has in any other way misused, or is suspected of misusing Clinical Information
System/s or any other IT systems provided by the Trust
ISSUE 2 – MAY 2015
4
Clinical Information Systems – Access & Audit – 7.03
6.3.11 Will be taking 12 weeks or more from work i.e. maternity / paternity leave, extended
sick leave, carers leave or career break
6.3.12 Has through their actions and/or communications led Health Informatics Service
(HIS) staff to believe that further training and guidance is required to ensure the safe
and accurate use of the system, pending further investigation and re-accreditation
from the IT Trainers
7.0
7.1
U
SPONSORSHIP
All access to Clinical Information Systems shall require appropriate authorisation
(sponsorship). Sponsors shall be responsible for:
7.1.1
Authorising user access for staff working within their team/service within which they
have sufficient seniority to permit access to Trust Services (See Appendix 2)
7.1.2
Ensuring access and user roles are appropriate and Patient information is required
directly in support of care provided by the Trust and otherwise meets the
requirements set out in section 6
7.1.3
Ensuring Legitimate Relationships are appropriate and access to clinical areas (i.e.
ward, team, clinic etc.) is allocated appropriately (See sections 9 & 10)
7.1.4
Ensuring access and user roles are relevant and up to date, informing the Systems
Administration team of any changes to user details, their access or other information
7.1.5
Ensuring the Systems Administration team are informed if a system user changes
role, or leaves
7.1.6
Ensuring that system users have the appropriate training for their role, informing the
IT Trainers or Systems Administration team of any unmet training requirements /
specific training needs
7.1.7
Immediately informing the Systems Administration team, or the Clinical Information
Systems Manager of any breach of Patient confidentiality or any other condition of
access to Patient information as set out in this policy and procedure
7.2
Sponsors are appointed and entrusted to act on behalf of the Trust’s Caldicott Guardian in
determining access rights and maintaining the appropriateness of that access and will be
held accountable by the Trust for their actions.
7.3
Sponsors will be required to apply to the Systems Administration team who will verify their
appropriateness and limitations (i.e. their areas of clinical responsibility).
8.0
U
TRAINING
8.1
The IT Trainers provide training and support by qualified trainers, who maintain appropriate
training materials in line with current best practice. New user and refresher training is
available for all aspects of Clinical Information Systems.
8.2
The IT Trainers can be contacted by email: [email protected]
8.3
Access to Clinical Information Systems shall only be granted to competent users who have
received appropriate training to the satisfaction of the IT Trainers.
8.4
Where a system user changes role, it may be necessary for additional training to be
provided by the IT Trainers before access to that system is amended or updated.
31TU
ISSUE 2 – MAY 2015
5
U31T
Clinical Information Systems – Access & Audit – 7.03
8.5
Following software upgrades and implementations of new functionality, it may be necessary
for additional training to be provided by the IT Trainers prior to accessing the new
functionality.
8.6
Cross organisation or ‘cascade’ training from colleagues is not permitted, expect by prior
agreement with the IT Training Manager and the Clinical Information Systems Manager.
8.7
The IT Trainers also provide support and training for basic IT skills where required.
8.8
Information Governance Training must be undertaken as part of the Trust’s mandated
training on an annual basis within each financial year to ensure staff are fully aware and
compliant with confidentiality / security requirements. The training for IG found at
https://www.igtt.hscic.gov.uk/igte/index.cfm?communityid=2
31TU
9.0
U
U31T
USER ROLES AND LEVELS OF ACCESS
9.1
The Trust seeks to maintain the highest levels of data protection, security and Patient
confidentiality. In order to maintain Patient trust and to comply with legislation and best
practice, access to Clinical Information Systems is restricted to that which is necessary to
fulfil the system user’s job role.
9.2
Clinical Information Systems generally operate a ‘role-based’ access policy, which means
access is granted in accordance to the job role of the system user. Where possible, systems
will be configured with user roles in line with the national RBAC (Role Based Access Control)
or PBAC (Position Based Access Control). It may be necessary for the access levels within
each role to vary between clinical services in order to comply with local operating procedures
and standards, however the principles of providing access to systems will be consistent
Trust-wide.
9.3
In addition to the user role, each system user will be given automatic access to certain
screens relating to Patients whose care they are directly associated. This is called
“Legitimate Relationship” and is detailed in section 10.
9.4
It is the responsibility of the Systems Administration team to maintain the user roles and
access controls and to ensure they remain relevant, consistent and that they continue to
comply with current operating practice and guidance where this is not nationally set. Where
a significant change is required to any one user role, or to the access level of any users or
groups of users, they shall seek the approval and guidance of The Clinical Information
Systems Manager. The IAO(s) shall have overall responsibility and authority for the user
roles and access controls used within the systems, via the Strategic Information Governance
Group.
10.0
10.1
U
LEGITIMATE RELATIONSHIPS AND PATIENT CONFIDENTIALITY
In addition to the user role, each system user shall be given automatic access to information
relating to Patients whose care they are directly supporting. This is called “Legitimate
Relationship”. An example of a Legitimate Relationship might be the requirement to access
information of Patients within a ward, clinic, or who are allocated to a particular HCP’s
caseload. A comprehensive audit is maintained of all information accessed within the
Clinical Information Systems, but it is considered to be appropriate for that user to have
access to information about Patients with whom they have a ‘Legitimate Relationship’.
U
10.2
U
It will be necessary for some system users to search for information for Patients with whom
they have no Legitimate Relationship. This may be for administrative reasons, or where they
need to provide care or support for Patients outside of their normal setting. It is important to
retain this facility to reduce clinical risk, particularly in the community or within a hospital for
ISSUE 2 – MAY 2015
6
Clinical Information Systems – Access & Audit – 7.03
staff operating an ‘on-call’ system. Where a Patient’s information has been accessed in this
way, the system will require a reason for accessing that Patient’s information. This is called
“Self-Declared Relationship”. A reason must be selected from the pick-list and a comment
must be entered into the free-text box. Regular audits shall be made of the use of the Selfdeclared relationship facility.
U
U
10.3
It is important to remember that Patients are entitled to know who has access to their
information, when and by whom their information has been viewed. The Clinical Information
Systems maintain a comprehensive audit trail.
10.4
System users shall only access Patient information where it is necessary to support their job
role. Accessing confidential information where there is no legitimate reason, or disclosing
confidential information inappropriately is forbidden. Access audit information shall be
available to senior managers and clinicians in order for them to protect the confidentiality of
Patients in their care. Further information is detailed in section 12.0.
11.0
11.1
U
SYSTEMS ADMINISTRATION
The Systems Administration team shall be responsible for the day to day maintenance and
where appropriate configuration, including user access. User access shall be managed
within guidelines laid down by either this policy & procedure or national guidance.
The Systems Administration Manager shall have responsibility for the management of all
configuration and user access, where this is not controlled by Smartcard/Registration
Authority.
11.2
In order to ensure access to information within Clinical Information Systems is maintained
appropriately and remains secure, the Systems Administration and Systems Maintenance
functions shall be restricted to the Systems Administration team. Exceptions to this rule shall
only be made for official support arrangements, for instance the resetting of passwords or
temporary access for essential maintenance and development. Where clinical systems are
not managed by the systems admin team this will be undertaken by the authorised team.
11.3
The Systems Administration team shall require appropriate authorisation for any changes to
user access and shall be required to keep evidence of such for audit purposes. Without
appropriate authorisation, changes to user access shall not be completed, except for the
suspension of access due to investigation, misuse of systems or leavers etc. (See section 7.)
12.0
U
AUDITING ACCESS TO PATIENT INFORMATION
12.1
The Trust takes its obligation to Patient confidentiality seriously. In order to retain Patient
confidence the Trust must demonstrate its commitment to keeping their information safe.
The Trust must also give assurances of its compliance with statute, national and local
operating standards.
12.2
The nature of the services provided by the Trust further enforce the need to tightly control
and audit access to the information of its Patients.
12.3
All Clinical System users should be aware that their activity may be audited at any time and
may also be used to provide evidence to support investigations into suspected or actual
breaches in Patient confidentiality, data security, fraud and corruption, or the physical
security requirements of low, medium or high secure facilities.
12.4
Access to Patient information shall only be granted in support of a user’s job role and shall
be limited to information required to carry out their specific duties. Where the clinical
Information system does not automatically grant access to information via a Legitimate
Relationship, the system may require the user to provide a reason for accessing that
ISSUE 2 – MAY 2015
7
Clinical Information Systems – Access & Audit – 7.03
information. A reason must be selected from the pick-list if appropriate and a comment must
be entered into the free-text box. More information regarding Legitimate Relationships is
included in section 10.
12.5
For the purposes of access audits, the Systems Administration team shall be taken to mean
staff members working within and in support of the Systems Administration team.
12.6
Unscheduled access audits shall be completed upon request from an appropriate member of
staff in confidence by the Systems Administration team. See Appendix 3 for a list of
appropriate staff. Requests for unscheduled audits should be made directly to the Systems
Administration Manager, or the Clinical Information Systems Manager.
12.7
The Systems Administration team shall audit the use of Self-declared Relationships
quarterly. Significant misuse of this facility (including insufficient explanation for access) shall
be reported to the Clinical Information Systems Manager. The records of each audit shall be
recorded and retained as per national guidance.
12.8
The Systems Administration team shall audit the use of Self-declared Relationships for any
individual user or groups of users at the request of an appropriate manager. The request and
results of each audit shall be recorded.
12.9
Service/General Managers, Clinical Directors and appropriate senior staff shall have access
to online reports that detail individual or summary audit information for Patients or HCPs
within their area.
12.10 Audits of access to high profile or vulnerable Patients will be monitored on a regular basis
and reports provided to appropriate managers.
13.0
U
LIVE AND ANONYMOUS INFORMATION HELD FOR TESTING
13.1
All training shall take place on training instances that have been anonymised, where
demographic details are scrambled and assessment information and clinical/progress notes
have been removed completely.
13.2
All development testing shall take place on testing instances that have been anonymised,
where demographic details are scrambled and assessment information and clinical/progress
notes have been removed completely.
13.3
Copies of the live databases (containing real Patient information) shall be retained solely for
testing updates to resolve problems with real data. Access to these databases will be strictly
controlled and audited.
13.4
Where external suppliers and contractors are required to access live Patient information
away from a Trust site, access shall be granted on a case by case basis and will be
monitored and audited. Access will only be allowed via an N3 connection, in compliance with
the confidentiality agreements between the supplier, the Trust and Health & Social Care
Information Centre, including the Information Governance Statement of Compliance (IGSoC)
required to establish the N3 connection. Access to computers connected via N3 must be in a
secure and unobserved “safe haven”.
14.0
14.1
U
LIVE INFORMATION HELD FOR ARCHIVING AND BACK-UP
For system performance reasons and in compliance with medical records (retention)
policies, it is necessary to store Patient identifiable information outside of the Clinical
System. Access to this information shall normally only be permitted from within the system
and shall be managed and audited as defined in this policy and procedure.
ISSUE 2 – MAY 2015
8
Clinical Information Systems – Access & Audit – 7.03
14.2
15.0
15.1
16.0
17.1
17.0
17.1
18.0
18.1
For system resilience and recovery it is necessary for back up copies of live Patient
information to be held within the Trust’s data centres. Access to this information will be
managed and audited as defined in this policy and procedure.
U
IMPLEMENTATION
This policy does not require an implementation plan as this policy formally approves current
working policy.
U
TARGET AUDIENCE
The target audience for this procedure is all staff of Nottinghamshire Healthcare and partner
agencies who require and are eligible for access to Clinical Information Systems, including
their Sponsors, Team Leaders, General Managers, Clinical and Executive Directors.
U
REVIEW DATE
This policy/procedure shall be reviewed in three years or sooner if required
U
CONSULTATION
The creation and review of this procedure shall be in consultation with:
•
•
19.0
U
RELEVANT TRUST POLICIES/PROCEDURES
•
•
•
•
•
•
•
•
•
•
•
20.0
U
Strategic Information Governance Group
Executive Leadership Council (ELC)
Information Sharing Between Professionals, Service Users and Carers 4.01
Information Systems Security - 7.01
Safe and Secure Handling of Confidential Information - 7.04
Information Life Cycle - 7.05
Clinical Records Management - 7.06
Operation of a Registration Authority - 7.07
Information Services Data Quality - 7.08
Information Technology Acceptable Use- 7.10
Digital Investigations - 7.12
Information Governance -7.15
Information Risk - 7.16
MONITORING COMPLIANCE
20.1
The Systems Administration Manager shall be responsible for maintaining regular access
and administration audits as detailed within this policy and procedure, Liaising with the
Information Asset Owner and reporting twice yearly to the Strategic Information Governance
Group.
20.2
The effectiveness of this policy and procedure shall be assessed annually by the Strategic
Information Governance Group.
21.0
21.1
U
EQUALITY IMPACT ASSESSMENT
Following the completion of an equality impact screening exercise it has been concluded that
a full impact assessment is not required. The purpose of this policy and procedure is to
safeguard Patient information and therefore has no impact on individuals or institutional
processes.
ISSUE 2 – MAY 2015
9
Clinical Information Systems – Access & Audit – 7.03
21.2
22.0
22.1
23.0
No adverse impact or positive discrimination has been identified across any of the equality
strands/protective characteristics. However, monitoring will be carried out periodically across
all strands to ensure consistency.
U
LEGISLATION COMPLIANCE
This policy and procedure has been considered in context of the following legislation and
guidance:
• Data Protection Act 1998
• The Caldicott & Caldicott 2 Review
• Common Law; Duty of Confidence
• Access to Health Records Act 1990
• The Computer Misuse Act 1990
• ISO 17799 (Information System Security)
U
CHAMPION AND EXPERT WRITER
23.1
The Champion of this procedure is the Caldicott Guardian.
23.2
The Expert Writer of this procedure is the Systems Administration Manager.
ISSUE 2 – MAY 2015
10
Clinical Information Systems – Access & Audit – 7.03
APPENDIX 1
U
LIST OF APPROPRIATE SPONSORS
•
Caldicott Guardian
•
Senior Information Risk Owner
•
Divisional Director/Associate Director
•
Medical Director/Associate Medical Director
•
Divisional Managers
•
Director/Associate Director of Nursing/Allied Health
•
General Manager
•
Clinical Director
•
Service Manager
•
Support Manager
•
Ward Manager
•
Team Leader
•
Clinical Information Systems Manager
•
Systems Administration Manager
ISSUE 2 – MAY 2015
11
Clinical Information Systems – Access & Audit – 7.03
APPENDIX 2
U
LIST OF STAFF WHO CAN REQUEST AD-HOC OR UNSCHEDULED RiO ACCESS AUDITS
•
Caldicott Guardian
•
Senior Information Risk Owner
•
Divisional Director/Associate Director
•
Medical Director/Associate Medical Director
•
Divisional Managers
•
Director/Associate Director of Nursing/Allied Health
•
Clinical Director
•
General Manager
•
Head of Security
•
Service Manager
•
Support Manager
•
Ward Manager
•
Team Leader
•
Head of Health Informatics
•
Clinical Information Systems Manager
•
Systems Administration Manager
•
IT Security & Compliance Manager
•
Mental Health Act & Information Governance Manager
•
Appropriate managers in line with authorised investigations
ISSUE 2 – MAY 2015
12
Clinical Information Systems – Access & Audit – 7.03
APPENDIX 3
Policy/Procedure for:
Clinical Information Systems – Access & Audit
Issue:
02
Status:
APPROVED
Author Name and Title:
Richard Detheridge, Systems Administration Manager
Issue Date:
MAY 2015
Review Date:
APRIL 2018
Approved by:
STRATEGIC INFORMATION GOVERNANCE GROUP
Distribution/Access:
NORMAL
RECORD OF CHANGES
DATE
Jan 15
AUTHOR
R Detheridge
/ M Robinson
ISSUE 2 – MAY 2015
POLICY/
PROCEDURE
7.03
(Issue 2)
DETAILS OF CHANGE
Deletion of system names to be more generic
across all clinical systems
13
Clinical Information Systems – Access & Audit – 7.03
APPENDIX 4
EMPLOYEE RECORD OF HAVING READ THE POLICY/PROCEDURE
U
Title of Policy/Procedure : Clinical Information Systems – Access & Audit
U
I have read and understand the principles contained in the named policy/procedure.
PRINT FULL NAME
0B
ISSUE 2 – MAY 2015
SIGNATURE
14
DATE