External Access Requests
Details and application form for the use of organisations and their staff, such as clinicians and administrators, requesting access to the clinical systems operated by Gloucestershire Health and Care NHS Foundation Trust.
About this service
By completing and submitting the external access request application below you acknowledge that in the course of any work which is proposed to be undertaken external staff, as a result of them being approved for access as per this application, personal and clinical information about patients will be made available which must be treated in the strictest confidence and in accordance with UK law (including the common law duty of confidentiality and the current UK Data Protection Laws). This information must not be discussed or disclosed in any form with any other person(s) or organisation(s) where there is no lawful basis to do so.
When a staff member receives notification of their user account being set up, they must understand that this is for their own individual use in relation to their job role / requirement, and that their account details must not be divulged to any person, or used to enable any other person to access the system (this is a computer misuse act offence). They must promptly change their password if they suspect that another person knows it and report their concerns to the Trust’s Clinical Systems Team (who will raise this as an incident). Furthermore, any suspected breach of confidentiality or the UK Data Protection Laws or a Cyber incident affecting SystmOne must be immediately reported to the Clinical Systems Team
The UK Data Protection Law applies to all data that links to an individual (‘personal data’), including manual data, e.g. patient address labels, print outs from computer systems as well as electronic data. It is important that this information is accurate and kept up to date. If the data is inaccurate the user has an obligation to either amend it or promptly inform the relevant Trust authority. The applying organisation will invoke disciplinary action should a member of its staff intentionally breach confidentiality or process information in a manner that is incompatible with the UK Data Protection Laws.
The above sets out the high level terms and conditions for access to SystmOne. For Gloucestershire Information Sharing Partners detailed terms and conditions are set out in the Gloucestershire Information Sharing Partnership Agreement (GISPA). For all other organisations detailed terms and conditions will be set out in an Information Access/Sharing/Processing Agreement or, for individuals, in a Confidentiality Agreement.
Please note: Line Managers are responsible for completion and submission of this form.
Incomplete applications will be rejected and returned
Further information can be request by emailing: firstname.lastname@example.org
How to correctly complete SystmOne Access External User Access Registration Request Form
Email Address – This should be the applicants professional work address and never personal
SystmOne Workgroup(s) Required – Gloucestershire Health and Care NHS Foundation Trust have over 45 different workgroups setup for specialised areas of access; this ensures system users have the appropriate and adequate patient data / information available to them. The most common of these used for external purposes are:
- GHC Inpatients
- GHC Cheltenham ICT
- GHC Cotswolds ICT
- GHC Gloucester ICT
- GHC Stroud ICT
- GHC Forest of Dean (Tewkesbury, Newent & Staunton ICT)
Access Required – Mark only one type of access to indicate what is required. If the request is disproportionate to the job role of the applicant the application will be declined, this is at the discretion of GHC and in line with information and governance procedure.
Read Only Access – This access is to view into SystmOne only and will not allow a user to input or amend any patient data on the system. It is accessible through a username and password login or via smartcard and does not have a direct access link to the NHS Spine.
Full System Access Smartcard – The applicant must already own an NHS Smartcard when requesting the type of access (giving Smartcard number on the application form), unless an agreement is in place with GHC for a Smartcard to be created. A Smartcard allows for a direct link to the NHS Spine when unlocked with a PIN. Users with this type access can register or amended patient details to the patient’s record in SystmOne.
Full System Access Username and Password – This will not allow users to register patients into the unit from the spine but will allow users to carry out writing to the patient’s record with this level of access.
Lawful Reason for Access – Your lawful reason should be in line with the current UK Data Protection Legislation, if consent is your basis for access be aware that only explicit unambiguous consent is acceptable.
How would you ensure that the access is lawful? – Here you should details the processes and systems in place that will ensure that the applicant will only deal with data in the lawful manner stated.
Examples might be: consent questionnaire, role based access, notification of changes is in role, annual IG training, user access reviews.
Justification – This should be a brief description of the agreed reason that the staff member needs access to personal sensitive information.
Sharing Benefits – There should be clear a definable benefit to the sharing, considering the justification to access records will be in relation to provision of care.
Information Sharing Risks – This will be what you consider to be the risks associated with sharing access, such as: loss of data, inappropriate access, misuse of information, inappropriate disclosure.
Document Attachments – This should be any specific sharing agreement, contract, Service Level Agreement, scripts (if used for consent). Evidence that IG Training is up to date – Please note this item is a mandatory requirement (e.g. IG e-learning certificate).