In light of recent implementation of the General Data Protection Regulations, we thought it would be timely to send an update to reassure practices that the agreement previously agreed between GPC Wales and Shared Services Partnership (SSP) regarding remote access for their post payment verification work DOES NOT put a practice at risk of breaching their responsibilities under GDPR legislation.
The agreed process for remote monitoring via SSP is as follows:
- SSP will telephone the practice to discuss the planned timing of PPV to ensure this is mutually convenient and then email the practice to confirm the arrangements for the “remote" visit. This includes requesting that the practice complete a signed temporary access agreement - in this document, the practice will see that two post payment verification (PPV) officers sign the agreement which ensures that the PPV process goes ahead if one of the SSP officers was unexpectedly away and thus this ensures minimal disruption to practices preventing rescheduling of the activity.
- The practice then has to provide a password for access to the clinical system to the two designated PPV officers (their email address will be on the practice agreement). This password should be sent via Move-It facility electronically to facilitate a secure and audible email trail.
Feedback so far from practices who have undergone remote PPV have found it far more efficient and less disruptive to the running of the practice. SSP have also seen benefits in terms of more effective time management. Rest assured, in the event of any queries these will be raised with the practice in the normal way and practice given opportunity to address them.
Attached is the formal guidance that confirms that this process does not breach GDPR and this advice has been checked by both NWIS information governance leads and the information commissioners officers. Therefore, this should provide sufficient reassurance to practices.