Are all paper-based care records kept in locked cabinets when not in use?
Are computer screens positioned to prevent 'overlooking' by visitors or unauthorized persons?
Are staff members using unique passwords (not shared) to access digital care systems?
Are mobile devices (tablets/phones) used for care notes locked with a PIN or biometrics?
Is the handover conducted in a private area where it cannot be overheard?
Are 'Person Identifiable Information' (PII) documents shredded or placed in secure bins?
Is there a clear-desk policy in the nurses' station or administrative offices?
Are staff aware of the procedure for reporting a data breach (to the DPO)?
Is there a Privacy Notice displayed in the home or provided to residents/families?
Are photos of residents only displayed if there is a signed consent form on file?
Is there an up-to-date 'Data Map' or record of what data the home holds and where?
Are archiving and destruction dates clearly marked on archived paper boxes?