An authority that handles personal information about individuals has a number of legal obligations to protect that information under the Data Protection Act 1998


Under the Data Protection Act 1998 Borders Health Board is a data controller and is registered as such with the Information Commissioner's Office (ICO). The Board's registration can be found on the ICO's Data Protection Public Register - Registration Number Z772810X.


All NHS Borders employees are bound by the NHS Borders Information Governance Code of Conduct.


NHS Borders staff members are required to undertake online Data Protection Training upon commencement of their contract and every two years thereafter.


There are a number of patient information leaflets available that detail what the information will be used for and how to obtain access to it. Leaflets are displayed in Ward and Outpatient Areas and the NHS Borders web page contains links to information on what patients' rights are. This information includes how patients can access their health records.


Third Party data processing agreement in place for local and national contracts.


Privacy Monitoring tool, FairWarning v3.1.8, deployed and in routine use to monitor inappropriate use of clinical systems. Robust policy developed in conjunction with HR and Partnership to respond to confirmed incidents.