Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson.

Similar presentations

Presentation on theme: "Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson."— Presentation transcript:

1 Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson Acting Director of IT

2 Agenda Information Governance requirements NPfIT Information Governance controls Systems/products Review of IG controls Future implementations Q & A

3 NPfIT Information Governance Requirements OBS NPfIT Contract Schedule 1.7 (730.) Care Record Guarantee (CRG) ( ) Statutory/legal – DPA, Access to Health records

4 NPfIT IG controls Registration and Authentication Role-Based Access Control (RBAC) Legitimate Relationships and Workgroups Patient Consent/Dissent Sealed Envelopes Audit Alerts

5 NPfIT IG controls – in context Am I who I say I am?Registration and Authentication (Smartcard) What types of clinical data may I access and can I update it? RBAC Can I access Mrs Smith’s clinical data?Legitimate Relationships and Workgroups Can Mrs Smith prevent her clinical data being shared outside her local GP? Consent and Dissent to data sharing Can Mrs Smith not have a Summary Care Record? Consent to Store (have a Summary Care Record) Can Mrs Smith protect parts of her clinical data? Patient “sealed envelope” Can I find out if someone has accessed Mrs Smith’s records inappropriately? Audit and Alerts

6 RBAC NHS Care Record Guarantee: “Show only those parts of your record needed for your care” Governs which functions are accessible and indirectly what type of data can be accessed 3 attributes Job Roles, Areas of Work, Activities Users must be granted relevant attributes by a trust nominated Sponsor Activities may be granted automatically as a result of a user’s Job Role (and Area of Work) Issue: Over-complexity

7 RBAC vision RBAC rationalisation (V.23, V24) Post-based allocation of access rights Integration of HR/RA processes/technology Further info:- registrationauthorities/access-control/rbac

8 RBAC rationalisation BeforeAfterReduction Activities340104236 Areas of Work2907283 Job Roles17515160

9 Patient Consent/Dissent to Share I nformation sharing across organisational boundaries NHS Care Record Guarantee: “allow you to control whether the information recorded about you by an organisation providing you with NHS care can be seen by other organisations that are also providing you with care” The patient consent status can have 3 values: -Consented -Dissented (implied dissent, if no NHS No.) -Not stated (implied consent)

10 Patient Consent/Dissent to Store Following promises made by Lord Warner, and the recommendations of the Ministerial Taskforce a patient may choose not to have a Summary Care record NHS Care Record Guarantee: “Before we create your Summary Care Record, you can decide not to have a Summary Care Record at all.” If there already was one, it will no longer be visible using the CSA Further information: now/how-can-i-find-out-more/nhs-crs-summary- leaflets/summary_leaflet_online.pdf

11 Legitimate Relationships Control who has access to a patient’s clinical record NHS Care Record Guarantee: “allow only those involved in your care to have access to records about you from which you can be identified, unless you give your permission or the law allows” A user cannot access a patient's clinical record without an LR There can be more than one LR per patient LRs have lifecycles (creation -> status change -> expiry) Determined by Workgroup membership Mostly “under the bonnet”

12 Legitimate Relationships Types:- patient referral patient self-referral patient registration subject access request patient complaint or litigation expressed Patient Consent to access Court Order or other legal demand GP registration Two types of LR enable a user working in a specific context (defined by their profile) to gain access to a patient clinical record: Self-Claimed Colleague-Granted.

13 Work Groups and LRs Clinician permitted access as has valid LR via the Workgroup to the patient Patient has “Self-referral” LR with Workgroup Clinicians may also self-claim a direct relationship not related to any Workgroups but raising an alert Workgroup Clinician is a member of Workgroup Receptionist may also be member of Workgroup

14 Parent WG WG-2WG-3WG-1 ‘Child’ Workgroups User permitted access as has a valid LR inherited via the Parent Workgroup to the patient Patient has LR with WG-1 User is member of Parent WG Workgroup Hierarchies LR granularity is a local Information Governance policy issue Keep simple initially and expand with experience

15 Seal and Seal and Lock NHS Care Record Guarantee: “Usually you can choose to limit how we share the information in your electronic care record which identifies you.” Enable patient to restrict access to sensitive information Access controlled by Workgroups A patient has two levels of dissent to share: -Seal -Seal and Lock Exceptional use Alert sent to privacy officer, if someone accesses information that has been sealed by another Workgroup

16 Seal and Seal and Lock

17 Smallest unit that can be sealed is -a Clinical Statement -a document (Summary Care Record) -PACS study Can be done at the time, or retrospectively Acknowledged in Clinical Decision Support (CDS) and transfers between systems RBAC controls are required for the management of sealing Sealed data can be accessed with patient consent or with legal justification Refusals carry a reason and a free text note (sent to PSIS)

18 Clinician Sealing A clinician may feel that there is some information that they should seal from the patient On sealing, information -is visible to all clinicians -should not be passed to PSIS -is not included in Subject Access Request/HealthSpace Clinician seals do not expire on the death of a patient

19 Use of Clinician Sealing Clinician seals can be used when:- the disclosure of information is likely to cause serious harm a child or person lacking competence has requested that the information is not disclosed to their guardian confidential 3 rd party information is present a patient has explicitly asks not to know about it Information needs to be temporarily withheld, which might otherwise alarm the patient Test results will be automatically withheld for a standard period of time

20 Audit NHS Care Record Guarantee: “keep a note of everyone who accesses the records about you” “Every time someone accesses your record, we keep a record of who they were and what entries they may have made.” Who has done what, when and to whose record Audit of creation, viewing, updates and soft deletions of records Outputs and configuration changes Contractual requirement, but different degrees of implementation Current systems mainly lack user reporting capability Comprehensive audit functionality in Lorenzo Rel. 1 Currently work being undertaken with suppliers on national audit

21 Alerts NHS Care Record Guarantee: -“ There may be times when someone will need to look at -information about you without having been given -permission to do so beforehand. This may be justifiable, for -example, if you need emergency care. We will tell you if the -action cannot be justified. ” Privacy Officer alerted when anyone accesses sealed information without (electronic) permission, with or without patient consent Patients must be alerted (via HealthSpace) of any: -change in sealing status -access that triggers an alert Alerts are through TES (Transaction Event Service) Generated now for Self-claimed LRs with Clinical Spine Application (for accessing PSIS with Spine release 2006-B)

22 IG Controls – Some NW Systems SystemRBACConsent to Share Consent to Store Legitimate Relationships Sealing iPM√√--- LE2.2√√-√ (local - Trust level) - Lorenzo Release 1 √ √ *-√ (National) - Lorenzo Release 2 √√√√ (National) √ Theatres (ORMIS) √ (local) ---- Maternity (Evolution) √ (local) ---- Child Health (CH2000) √ (National from Q3 08) - (local, not shared) -√ (local – Q1 09) - PACS/RIS R1 (GE/HSS) √ (Local) ---- PACS/RIS R2/3 √√?√ (Security Rel – 09) -

23 Data Sharing with Lorenzo NME single database instance Data sharing from Release 2 onwards Require LRs to control access LRs require PDS-traced NHS number Must acknowledge Consent to Share Access to untraced patients in the MPI restricted to the organisation that created them

24 Lorenzo Releases – Functional Summary

25 Workgroups and LRC Artefacts NHS Trust Clinics Specialties Oncology Antenatal Dermatology Seafield Landscale Oncology Cardiology Dermatology SF1 SF2 SF3 SDS Workgroup Hierarchy NT1 NT2 NT3 Oncology NT1 Seafield Oncology Clinic SF3 CL1 Oncology Clinics Registered Users 1 st Wednesday Team 3 rd Wednesday Team Users can be grouped into teams and associated with artefacts Lorenzo Operational Artefact Associating an Artefact with a Workgroup enables record access control in the application workflow SF3

26 Deployment of Legitimate Relationships Can be enabled on a Trust by Trust basis subject to the consent of each individual Trust. The design of LORENZO allows a CSC administrator to turn on LR creation and update separately to Turning on LR confirmation for each NHS Trust that is going to support use of legitimate Relationships at Release 1.

27 Q & A ?

28 Update on SHA-Hosted PCT Events Pilot consultation January 10 events February Follow-up March Attendees:- Heads of IG, IM&T, Information Security, Compliance & Governance, Performance & Information, RA Managers, Auditors, Data Quality, Primary Care Facilitators, … and a Caldicott Guardian

29 Update on SHA-Hosted PCT Events SHANo. of PCTs No. of PCTs attended No. of delegates East Midlands9812 East of England151422 London311930 North East12 8 North West242139 South Central9917 South East Coast7616 South West141314 West Midlands171428 Yorkshire and the Humber13 21 TOTAL151129207

30 SHA-Hosted PCT Events – Issues Raised Operating Model/Implementation Support: Mis-alignment of IM&T DES and IGT Lack of resources Lack of skills/vacancies Lack of importance given to IG Variety of job roles/fragmentation of IG Lack of national direction Inaccuracy/lack of clarity around IGT Lack of IG training Lack of Tracking Database training

31 SHA-Hosted PCT Events – Issues Raised Communications: Lack of internal comm’s to PCT and via SHA Lack of mandate to communicate to GPs

32 SHA-Hosted PCT Events – Suggestions Materials: SoC in a Box Checklist of actions for PCTs Timeline of activities for PCTs

33 SHA-Hosted PCT Events – Suggestions Events: IGSoC team to attend IG forums Hold National IG forum IGSoC team to attend regional PRIMIS forums to make facilitators aware of latest developments Include rep from DIPU in future events Include someone who has successfully tested things out to share lessons learnt in future events Hold workshops for PCTs to share best practice

34 SHA-Hosted PCT Events – Suggestions Communications: More regular comms (mailing lists) Sharepoint site for SHA Membership and contribution to eSpace Be more interactive with GPs / give them more info of IGSoC requirements Contact IGT administrators directly Establish communication links with PCTs

35 SHA-Hosted PCT Events – Contacts David Stone – Communications Manager Jan Birley - Migration Manager IGSoC Team 0113 397 3646

Download ppt "Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson."

Similar presentations

Ads by Google