Shared drives are the digital backbone of most general practices. From HR policies to patient templates, rotas to complaints logs, they hold everything your team needs to run the business of healthcare. But without structure, naming conventions or access controls, your shared folders can quickly become an unmanaged sprawl - one that increases the risk of data breaches, lost documents, or staff using outdated files.
This is a companion discussion topic for the original article at https://patient.info/doctor/information-governance-and-security/how-to-organise-your-shared-drive-before-it-becomes-a-risk
Hi - can you confirm if anything patient-related stored in the shared drive must not have patient identifiable information? Can we use their EMIS number as a way to identify if needed?
Hello @m.barratt,
Please consult your DPO for a definitive answer, but generally it depends on the security and governance of where your shared drive is stored - e.g., a shared practice server or an encrypted online service within the UK are probably OK, but may not be, depending on the service - you’d have to complete a DPIA process to be sure.
However, even if you use a pseudo ref number (like the EMIS number) to store the data, you may want to consider how you would find and retrieve this information for Subject Access Requests (as the data stored is still about them).