As part of the JACIE certification process, we review documentation submitted by centres to assess compliance with our standards. Recently, we have noticed that some centres are inadvertently including patient personal data, such as initials, age, date of birth, and diagnosis, in the documented evidence of activity and on labels.
We would like to remind all centers that patient personal data is not required for the certification process and should not be included in any submissions.
Including this information exposes sensitive data unnecessarily and may breach data protection regulations, such as the General Data Protection Regulation (GDPR). To help ensure compliance and safeguard patient privacy, please follow these guidelines:
- Remove or redact all patient identifiers from documentation before submission. This includes initials, dates of birth, age, diagnosis, or other identifiable information.
- Carefully review all materials before submitting to JACIE to ensure they do not contain patient personal data.
- If you are unsure about whether a document is appropriate, please contact the JACIE Office for guidance at jacie@ebmt.org.
Safeguarding patient data is a shared responsibility and an essential part of our collective commitment to high-quality care. Your cooperation is crucial in maintaining the integrity of the JACIE certification process while ensuring compliance with data protection laws.
Thank you for your attention to this important matter. If you have any questions or need further assistance, please don’t hesitate to reach out to us.
The JACIE Office