{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Technology-Enabled Care and Telecare Policy

1. Purpose

The purpose of this policy is to establish clear guidelines for accessing, handling, and managing records related to technology-enabled care (TEC) and telecare services within {{org_field_name}}. This policy ensures that the confidentiality, integrity, and availability of TEC and telecare records are maintained while complying with Care Inspectorate Scotland regulations, Health and Social Care Standards (Scotland) 2018, and Scottish Social Services Council (SSSC) Codes of Practice.

This policy ensures that:

• Records related to technology-enabled care and telecare are managed securely and efficiently.
• Data protection and confidentiality standards are upheld when accessing or sharing TEC and telecare records.
• Only authorised personnel access TEC and telecare records to ensure privacy and security.
• People receiving care and their representatives understand their rights regarding access to TEC and telecare records.
• Regulatory and legal compliance is maintained when handling digital health and care data.

2. Scope

This policy applies to:

• All employees, including care workers, supervisors, and management, who handle, access, or store TEC and telecare records.
• Agency and temporary staff, ensuring they adhere to the same data protection standards as permanent staff.
• People receiving care and their families, ensuring they understand their rights regarding data access.
• Third-party service providers and contractors, ensuring compliance with data protection and security requirements.

3. Legal and Regulatory Framework

This policy aligns with:

• UK General Data Protection Regulation (UK GDPR) – Governing the secure processing of personal and health-related data.
• Data Protection Act 2018 – Setting rules for data handling, security, and access rights.
• Care Inspectorate’s Quality Framework – Defining best practices for managing care-related records.
• Health and Social Care Standards (Scotland) 2018 – Ensuring privacy, dignity, and respect in data handling.
• Freedom of Information (Scotland) Act 2002 – Providing guidelines on record transparency where applicable.
• Public Services Reform (Scotland) Act 2010 – Regulating reporting and monitoring of care-related digital records.
• Scottish Digital Health and Care Strategy – Ensuring safe and effective use of digital technologies in health and social care.

4. Definition of Technology-Enabled Care and Telecare Records

Technology-Enabled Care (TEC) and telecare involve the use of digital tools and remote monitoring systems to support individuals in maintaining their health, safety, and independence at home. These records may include:

• Telecare call logs and alerts (e.g., falls, emergency button activations).
• Sensor and monitoring device data (e.g., motion sensors, temperature monitoring).
• Video consultation and remote assessment records.
• Health and well-being tracking data.
• Secure digital care plans and reports generated from TEC systems.

5. Accessing TEC and Telecare Records

5.1 Who Can Access TEC and Telecare Records?

Access to TEC and telecare records is strictly controlled and granted only to:

• Authorised care staff who require access to perform their duties.
• People receiving care, who have a right to access their own data.
• Legally appointed representatives, including those with Power of Attorney.
• Regulatory bodies (e.g., Care Inspectorate Scotland, Data Protection authorities) for audit and compliance purposes.
• Healthcare and social care professionals, when required for care continuity.
• Third-party providers, only with explicit consent and under strict data-sharing agreements.

5.2 Secure Access Procedures

• Staff must authenticate their identity using secure login credentials when accessing TEC records.
• All access must be logged and monitored to detect unauthorised activity.
• Personal data within TEC records must be accessed only when necessary for service provision.
• Data-sharing requests must be approved by a senior manager and comply with GDPR principles.

6. Confidentiality and Data Protection Measures

6.1 Maintaining Data Privacy and Security

To protect the confidentiality of TEC and telecare records, {{org_field_name}} implements:

• Data encryption and secure storage for all electronic TEC records.
• Access controls and role-based permissions to limit data exposure.
• Regular security audits to ensure compliance with GDPR and cybersecurity best practices.
• Strict password policies and two-factor authentication where applicable.

6.2 Sharing TEC and Telecare Data

• Data should only be shared with explicit consent from the individual or their legal representative.
• Any third-party data access (e.g., NHS, emergency services) must be governed by formal agreements.
• All shared data must be anonymised where possible to protect individuals’ identities.
• If a data breach occurs, it must be reported immediately to the Data Protection Officer and investigated according to GDPR requirements.

7. Retention, Storage, and Disposal of TEC Records

7.1 Retention Periods

• TEC and telecare records will be retained for a minimum of 7 years after the individual ceases to use TEC services, in line with regulatory guidance.
• Records associated with safeguarding concerns will be retained for longer where required.

7.2 Secure Storage

• Digital TEC records must be stored in encrypted, cloud-based, or on-premise secure servers.
• Paper-based records must be securely stored in locked cabinets (if applicable).

7.3 Secure Disposal

• TEC data that has exceeded its retention period must be permanently deleted using secure data-wiping methods.
• Physical records must be shredded and disposed of through confidential waste services.

8. Handling Access Requests and Complaints

8.1 Individual Requests for Access to TEC Records

People receiving care or their legal representatives may request access to their TEC records. Requests must be:

• Submitted in writing to {{org_field_name}}.
• Reviewed and responded to within 30 days.
• Provided in a secure format, ensuring privacy and data integrity.

8.2 Complaints and Disputes

If an individual is unhappy with access decisions:

• They may appeal through the Data Protection Officer ({{org_field_data_protection_officer_first_name}} {{org_field_data_protection_officer_last_name}}) via email at {{org_field_data_protection_officer_email}} or phone {{org_field_data_protection_officer_phone}}.
• If unresolved, they can escalate concerns to the Care Inspectorate Scotland or the Information Commissioner’s Office (ICO).

9. Staff Training and Compliance

To ensure compliance with this policy, all staff must:

• Complete mandatory training on TEC and telecare data security.
• Follow best practices for data access and confidentiality.
• Report any data breaches or concerns immediately to management.
• Regularly update their knowledge on GDPR and Care Inspectorate Scotland data policies.

10. Related Policies

This policy should be read alongside:

• Data Protection and Confidentiality Policy
• Safeguarding and Protection Policy
• Whistleblowing Policy
• Risk Assessment and Incident Reporting Policy
• Cybersecurity and Information Governance Policy

11. Policy Review

This policy will be reviewed annually or sooner if there are changes in legislation, best practices, or organisational needs. Any amendments will be communicated to all staff and relevant stakeholders.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.