Provider of Healthcare and Risk Management Services
The client is a leading provider of healthcare and risk management services for insurers, employers and individuals, and has been a client since 2007, when it became Teed’s first annual service contract client.
The client wanted to understand how they compared with best practice and whether or not they were fully compliant with the requirements of the UK’s Data Protection Act 1998 (DPA). Through our long-standing relationship with the client, they knew that Teed had the necessary expertise to provide them with guidance on the Data Protection Act.
Our consultant performed a DPA gap analysis through a combination of one-to-one interviews and a document review. The requirements of British Standard BS10012:2009, the specification for a personal information management system, were also taken into consideration during the gap analysis.
The interviews involved meeting with key people from across the organisation for up to one hour each and taking them through a structured interview using pre-prepared questionnaires to help ensure consistency and focus.
The document review included company policy; the procedures for dealing with personal data, including document storage, retention and destruction; system access control; phone contact with customers; staff training; customer correspondence; marketing material; website wording, etc.
The result was a clear and concise report for management consideration highlighting areas of non-compliance with the DPA and/or the British Standard and including recommended, practical actions to address these areas. Armed with this information, the client can take the necessary steps to ensure they are satisfying best practice and fulfilling stakeholders’ expectations.