Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aspects of Data Security Raj Samani Vice President – Communications, ISSA UK Rita Arafa IG Deployment Officer, NHS CFH.

Published bySara Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "Aspects of Data Security Raj Samani Vice President – Communications, ISSA UK Rita Arafa IG Deployment Officer, NHS CFH."— Presentation transcript:

1 Aspects of Data Security Raj Samani Vice President – Communications, ISSA UK Rita Arafa IG Deployment Officer, NHS CFH

2 Agenda Reported issues Impact C.I.A. What can we do? Wrap-up including Questions

3 Reported Issues The current situation in the media: Reports in the Health Press and General media: There may be a risk of breach of patient data 2008 ‘A year of data breaches' - E-Health Insider 28 Oct 2008 Reports of viruses in hospital systems impacting on patient care NHS hit by a different sort of virus – More4 News 9 th Jul 2009 Fears that patient data could be lost Health data on lost memory stick – More4 News 9 th Jan 2009 Data protection warning as more trusts lose patient records – Health Service Journal 16 th July 09

4 Impact When electronic clinical systems are compromised the following are at risk: Clinical Care Confidentiality Reputation Data Breaches endanger: Confidentiality Confidence Reputation

5 Clinical Care Reports of viruses in hospital systems impacting on patient care: November 08, Mytob computer virus caused havoc in three major London hospitals when it spread so quickly that it overloaded computer networks - 70 patients had to go to other hospitals while ambulances were diverted to neighbouring hospitals to ensure that seriously ill patients did not suffer as a result of the slower manual systems being used Sheffield, 800 PCs infected after just one computer in an operating theatre had its anti-virus software switched off. During March 09 Greater Glasgow and Clyde NHS trust was struck by a computer virus called Conficker, which froze staff out of their computers for two days Building security into key initiatives LAS Despatch Service, one ambulance arrived to find the patient dead and taken away by undertakers

6 Confidentiality A breach of patient’s data can be a breach in patient confidentiality Unauthorised access (internal) Unauthorised access (external) What is the impact?

7 Reputation Confidence be quickly lost by both the Staff using the systems and Patients. Electronic records can end up being incomplete which can further reduce confidence.

8 Reputation Perceived breaches of data security can seriously damage the reputation of both Clinical IT systems and the organisations that use them. “Everyone must recognise that data breaches can cause harm, distress and hassle for the individuals affected, lead to serious financial losses and seriously affect the reputation of organisations.” eHealth Insider 29 Oct 2008

9 C.I.A. and F.U.D It is imperative that the following are protected: Confidentiality Integrity Availability Without introducing: Fear Uncertainty Doubt

10 So what should be done? ISMS – Information Security Management System Establish roles and responsibilities Management Planning – Identify where the gaps are by: Reviewing, checking, implementing Plan-do-check-act

11 Why does it need to be done? To comply with the Data Protection Act (principle 7) For Public Assurance Contractual, Legal and Regulatory Obligations Care Record Guarantee

12 Roles and Responsibilities Information Asset Owner The IAOs are responsible for ensuring that information risk is managed appropriately and for providing assurances to a Board level lead termed a Senior Information Risk Owner (SIRO) Information Asset Administrator IAAs are operational staff with day to day responsibility for managing risks to their information assets. SIRO: Senior Information Risk Owner Is accountable Fosters a culture for protecting and using data Provides a focal point for managing information risks and incidents Is concerned with the management of all information assets Caldicott Guardians Is advisory Is the conscience of the organisation Provides a focal point for patient confidentiality & information sharing issues Is concerned with the management of patient information Privacy Officers

13 Suppliers: Plan ISMS review & improvement activities e.g. annual audit schedules Plan risk corrective action planning / reviewing etc. Organisation IG: Inform programmes of impending supplier reviews Suppliers: Implement risk corrective action plans Organisation IG: Cascade risk corrective action plans to relevant programmes Monitor risk corrective action plans Suppliers: Implement ISMS review & improvement activities Submit results to Organisation e.g. audit reports, risk corrective action plans, areas of concern, evidence of BAU activities Suppliers: Review ISMS review & improvement activities Organisation IG: Review results Provide guidance and influence supplier improvement activities e.g. audit schedule Ensure there is evidence of BAU ISMS activities Process Overview

14 Information Assurance Regulatory Bodies ICO: Information Commissioner’s Office Independent authority set up to promote access to official information and protect personal information CESG: The Information Assurance (IA) arm of GCHQ and is the Government's National Technical Authority for IA responsible for enabling secure and trusted knowledge sharing, which helps its customers achieve their aims. http://www.gchq.gov.uk/about_us/cesg.html CPNI: The Government authority which provides protective security advice to businesses and organisations across the national infrastructure. CSIA: The Central Sponsor for Information Assurance (CSIA) is a unit within the UK Government's Cabinet Office providing a central focus for Information Assurance (IA) activity across the UK.

15 Some positive quotes: The Royal College of GPs has put their support behind the national rollout of the Summary Care Record. They said concerns over security of records and patient confidentiality had now been resolved, and declared ‘the need for a shared record is compelling’. A team of RAF security experts recently spent three days attempting to penetrate the wireless networking component of a managed service covering healthcare for British Forces in Germany - and failed. The secure networking is part of a managed service, PAS 2.0, for Guy’s and St Thomas’ NHS Foundation Trust. eHealth Insider Jan 09 The Royal Marsden Hospital director of ICT Jon Reed said: "We've been able to create a remote environment that enables clinicians to have access to the applications they require but at the same time enforce the highest level of security for confidential patient records.” Public Sector Case study silicon.com Aug 08

16 Any Questions?

Download ppt "Aspects of Data Security Raj Samani Vice President – Communications, ISSA UK Rita Arafa IG Deployment Officer, NHS CFH."

Similar presentations

Safer IT Systems for the NHS Dr. Maureen Baker CBE DM FRCGP Special Clinical Adviser NPSA Clinical Safety Officer CfH.

Safer IT Systems for the NHS Dr. Maureen Baker CBE DM FRCGP Special Clinical Adviser NPSA Clinical Safety Officer CfH.
Quality Accounts: Stakeholder Engagement. Introduction.

Quality Accounts: Stakeholder Engagement. Introduction.
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Www.ethics.qld.gov.au Enhancing ethical culture through ethical decision-making Ethics training.

Enhancing ethical culture through ethical decision-making Ethics training.
Promoting quality for better health services Best practice for laying the groundwork.

Promoting quality for better health services Best practice for laying the groundwork.
Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.

Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.
Building the highest quality services in the country Nigel Barnes March 2008.

Building the highest quality services in the country Nigel Barnes March 2008.
Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.

Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.
Child Safeguarding Standards

Child Safeguarding Standards
Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator.

Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator.
Improving outcomes for older people: Monitoring and regulating standards Ann Close 8 th June 2011.

Improving outcomes for older people: Monitoring and regulating standards Ann Close 8 th June 2011.
Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.

Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.
Revised Caldicott Manual- Practice Managers Groups Revised Caldicott Manual – November 2008.

Revised Caldicott Manual- Practice Managers Groups Revised Caldicott Manual – November 2008.
Governance and quality Ian Sharp November 2006 Aims of the presentation To highlight the importance of quality management and quality assurance in the.

Governance and quality Ian Sharp November 2006 Aims of the presentation To highlight the importance of quality management and quality assurance in the.
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
About CQC Sarah Seaholme Ram Sooriah 1 1.

About CQC Sarah Seaholme Ram Sooriah 1 1.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Public Health and Healthy Local Government Maggi Morris Executive Director of Public Health Central Lancashire.

Public Health and Healthy Local Government Maggi Morris Executive Director of Public Health Central Lancashire.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Contents Introduction Public protection

Contents Introduction Public protection

Similar presentations

Ads by Google