Data Protection is an important consideration for Residential Care Facilities given the volume of sensitive personal, medical and financial data being processed daily within a facility. Since the General Data Protection Regulation (GDPR) came into effect on 25 May 2018 there has been a greater emphasis on an organisation’s responsibility to protect personal data. The new EU-wide legislation provides higher standards of data protection for individuals and increases the obligations on organisations who process personal data.
VCare Complete is an intuitive care and support planning software for residential care organisations. The VCare Complete platform and support services helps facilities manage resident/service users’ personal information and the care/service being provided by a care facility. VCare International Ltd does not specifically collect, manage or process resident information or data but provides support services and tools to organisations who do.
Personal Data in VCare Complete
The personal data collected in VCare Complete includes full personal demographics, contact details, personal relationships, ID numbers, profile and hobbies, correspondence, appointments, medical and non-medical alerts, health diagnosis, prospect information, events such as incidents, accidents, complaints, care information, finance information and staff information.
VCare Complete Security
The most effective method of security is management of access to the server environment where VCare Complete is held. Organisations should have internal Information Governance Policies for Secure Server Environment, Management Access, Robust Backup and Disaster Recovery.
Information held within VCare Complete is protected by access control, authentication, password control, session management, audit controls and activity logging. The software allows for granular access control to the system and can be based on user accounts, user groups, types of data records and specific functions. For specific security each form in VCare Complete can have security levels set to further restrict user access to those users with the appropriate security level. Access is managed via the VCare Administrative Security Functionality.
The VCare app uses secure web services to pass data from the mobile device to the database. No personal information about residents or service users is stored on the mobile device reducing the risk of data protection breaches in the event the device is lost or stolen. VCare Complete also keeps an activity log of records relating to record creation, updating and deletion. It can identify who, when and what activity was performed.
The following authentication methods can be used to control who can access a VCare Installation:
- Windows Domain/Active Directory where users are authenticated against the Windows network active directory
- VCare internal user names and passwords. Users are authenticated against VCare’s own user list and passwords
Users should enable strong passwords that are at least 6 characters long, case sensitive and contain a mixture of different character types. You can set the number of days a password will last for before the user will be prompted to change it. Users can also be prevented from re-using previous passwords when creating a new password. Failed login attempt can disable a user’s account. Sessions will be timed out after inactivity, this allows you to conserve user licences.
Data Subject Access Request
Should you receive a data subject access request it is important to note that personal data in VCare Complete is cross linked to related records. Records can be returned through the Global Person search feature of VCare Complete. It can be searched and retrieved by authorised users.
Should you require further information on VCare Complete and data protection please contact 093 36126 or email@example.com.