Published online by Cambridge University Press: 22 May 2014
1) to assess compliance with the Data Protection Acts (DPA) by a Department of Psychiatry in a general hospital, 2) to implement measures that are likely to maximize compliance with the hospital data protection policy, 3) to close the audit cycle by assessing the impact of such measures on departmental compliance with the DPA over five months period.
An individual, anonymised staff questionnaire on data collection practices, procedure of disclosure of data to third parties and previous training on DPA was used to collect information from the department staff. The premises were inspected at different times over a week period using structured checklist. Default points were recorded during each inspection. Post-audit interventions included a mixture of educational interventions and practical solutions. A re-audited took place five months later using the same method.
The baseline audit demonstrated significant lack of compliance with the DPA among staff members and lack of staff training on the DPA. Following the interventions, staff awareness of the requirements of the act rose which in turn lead to better adherence to recommend practices in data handling and to mean default points dropped significantly. Management of manual files appears to constitute the biggest problem in this audit. Daytime breaks were found to pose higher risk to stored data compared with before and after working hours.
A combination of educational and practical interventions including training of staff on the DPA results in overall improvement in compliance and reduction in default points. However, management of manual (physical) data proves to be more difficult and hence will need more input.