A physiotherapist that works regularly in a health centre has concerns that confidential information is not being stored securely. They have seen files left out on desks overnight, and confidential letters have been within easy sight of the reception desk.
They raise this concern with their line manager, who suggests that they contact the practice manager. The practice manager brushes off the concerns as the result of an unusually busy few days when the practice was short staffed. The physiotherapist does not want to cause further difficulty, or jeopardise their current good relations with the practice team. However, they do not see an improvement and remain concerned.
The physiotherapist takes their concerns back to their line manager who considers the benefits of using the Standards. They agree that requesting involvement from the primary care confidential contact may be the best way to ensure action is taken. The confidential contact logs a stage 1 concern and contacts the practice manager to raise the concern directly with them. They do not share who the concern came from.
The practice manager agrees to take action and reminds staff of their responsibilities in relation to data protection. They also develop a short audit process for themselves and their staff to ensure standards are maintained.
The physiotherapist is informed of the action taken and is signposted to stage 2 of the procedure if they do not think that this concern has been resolved.