Information management systems that meet legal and ethical requirements involve the storing of sensitive material relating to an individual’s care needs. Generally in the form of a care plan, this would involve material stored on an encrypted computer system (password protected with a set log-out time so others cannot view information, should a person be called away from their desk) or a paper i.e. which would be stored in a lockable cupboard and the keys kept on a named responsible person. These requirements would be in-line with the Data Protection Act 1998 and Caldicott principles of good practice on the uses of personal data.
Additionally, section 60 of the Health and Social Care Act 2001 deals with confidentiality and states that ‘patient?identifiable data should not be provided to third parties.