Presentation is loading. Please wait.

Presentation is loading. Please wait.

London Public Health Transition Delivery Board Information & Intelligence Task-to-finish Group Workshop 7 th Nov 2012 Date: 07.11.2012 Version: 0.1.

Similar presentations


Presentation on theme: "London Public Health Transition Delivery Board Information & Intelligence Task-to-finish Group Workshop 7 th Nov 2012 Date: 07.11.2012 Version: 0.1."— Presentation transcript:

1 London Public Health Transition Delivery Board Information & Intelligence Task-to-finish Group Workshop 7 th Nov 2012 Date: Version: 0.1

2 Introduction Aim: - Support transition of PH I&I to London Boroughs; 2 nd networking workshop & quality check of products to support transition Objective 1: - quality assurance of template Privacy Impact Assessment Objective 2: - quality assurance of template Information Sharing Agreement Objective 3: - publicise and explain N3, Smartcards and secure Objective 4: - publicise and explain compliance (NHS IGT) and safe haven concept Objective 5: - products for London Councils web site Page 2 AGENDA – Introduction, Robert Creighton Morning Workshop, Stephen Elgar and Thanas Loli LUNCH Afternoon Workshop, HYTEC, Robin Ingram BREAK Panel Q/A Close

3 Page 3 Key Data Sources (SUS, ONS, HPA, IC) LA/PH team csu LA/PH team Delegating to third party IT LA/PH team WHAT IS YOUR BUSINESS MODEL?

4 Page 4 Introduction WhyWhatHow Safehaven Confidentiality & security assured for Data at rest & in transit Compliance (NHS IGT) assurance N3 connection Secure NHS smartcards Are these products good enough? Do they make sense? Is there anything else we need? Privacy Impact Assessment template – based on Information Commissioners Office Why do a PIA? Identify and mitigate risks Reputation Public trust and confidence Avoid expensive bolt on solutions Cabinet Office requirement for England Central Govt. Informs project media strategy Enlightened self-interest Information Sharing Agreement template – based on Information Commissioners Office Possible Implementation if required Possible Implementation if required Implementation! TOOLSTOOLS Product will have: Risks and mitigation Recommendations for implementation Legal basis for processing Information asset set and data flows Data Protection Act Principle analysis ICO Q&A Format: the purpose for sharing; the organisations involved, potential recipients or types of recipient and the circumstances in which they will have access; the data to be shared & legal & professional basis for sharing: data quality – accuracy, relevance, usability etc; data security; retention of shared data; individuals rights – procedures for dealing with access requests, queries and complaints; review of effectiveness/termination of the sharing agreement; and sanctions for failure to comply with the agreement or breaches by individual staff;

5 Posters; N3, Secure & Smartcards Page 5 N3 connection options Secure Smartcards 15 mins Please record on feedback forms: Are these briefings useful? Y / N If not how can they be improved? What is missing? Are there alternative approaches

6 Privacy Impact Assessment template Page 6 Privacy Impact Assessment template – based on Information Commissioners Office Why do a PIA? Identify and mitigate risks Reputation Public trust and confidence Avoid expensive bolt on solutions Cabinet Office requirement for England Central Govt. Informs project media strategy Enlightened self-interest Product will have: Risks and mitigation Recommendations for implementation Legal basis for processing Information asset set and data flows Data Protection Act Principle analysis ICO Q&A Talk 20 mins Discussion 40 mins

7

8 Privacy Impact Assessment template Section 2; Key Risks, Issues and Controls Page 8 Risks / IssuesControls / Mitigation Accountability of Boroughs and other legal entities Clear accountability for holding of information stated as information assets in context of NHS IGT & ISO27000 Annual review of arrangements Most data is non-personal, personal data is a controlled exemption (by the Caldicott Guardian) Handling personal identifiable data Data quality improvement should be a part of the procedures for handling information A time limit for holding each type of information should be set Procedures for handling Subject Access Requests required There should be no further sharing without consent or a legal basis beyond the safehaven of the Borough Data sharing without consent Refresh of partnership organisations Fair Processing Notices and registration with Data Protection Act The need for consent from patients and / or agreement from National data sources and possible Section 251 application Option of Information Sharing Agreement (documents and provides evidence of care and consideration NOT legal basis) No further sharing without consent Data loss (reputational damage and fine) Safehaven: series of technical, procedural and staff controls to limit the risk of loss of data (assumption is that the Safehaven handles personal information) It is recommended that there is an annual audit IGT assessments as part of annual statement shared with Clinical Commissioning Group – annual review Option of Information Sharing Agreement Liability and compensation / indemnity – further work may be required to define this

9 Privacy Impact Assessment template Section 3; Implementation Page 9 Clear accountability Handling personal identifiable data Data sharing without consent Data loss (reputational damage and fine)

10 Privacy Impact Assessment template; Annex A; Use of template - stakeholders Page 10 London Borough Public Health Informatics Service address London Borough Public Health Informatics Service Manager contacts details London Borough Public Health Informatics Service Caldicott Guardians contacts details Clinical Commissioning Group address Clinical Commissioning Group Manager contacts details Clinical Commissioning Group Caldicott Guardians contacts details Commissioning Support Unit address Commissioning Support Unit Manager contacts details Commissioning Support Unit Caldicott Guardians contacts details

11 Privacy Impact Assessment template; Annex B Data Sources and confidentiality Page 11 Data Source DetailLegal basis for processing and Confidentiality implications Public Health Mortality Files, Public Health Birth Files (PHMF, PHBF). Supplied by ONS directly to DPH or nominated representative, over NHS.net or other GSI address. Accessible only to individuals who have signed ONS data confidentiality declarations; will continue to be supplied after transition whether the data set holds personal information? whether the data set holds Confidential information not in the public domain? Where there is personal information then the source data Controller must have approved release and be in agreement with the way in which data is processed Section 251 exemption may be required, application for this is likely to be in agreement with the Data Controller of the source. …

12 Information Sharing Agreement template Page 12 Talk 15 mins Discussion 20 mins Information Sharing Agreement template – based on Information Commissioners Office Format: the purpose for sharing; the organisations involved, potential recipients or types of recipient and the circumstances in which they will have access; the data to be shared & legal & professional basis for sharing: data quality – accuracy, relevance, usability etc; data security; retention of shared data; individuals rights – procedures for dealing with access requests, queries and complaints; review of effectiveness/termination of the sharing agreement; and sanctions for failure to comply with the agreement or breaches by individual staff;

13 Small Group Discussions (1 hour) Privacy Impact Assessment (40 minutes) Is this template useful? If not how can it be improved? What is missing? Are there alternative approaches Information Sharing Agreement (20 minutes) Is this template useful? If not how can it be improved? What is missing? Are there alternative approaches Page 13

14 Morning Workshop Summary (40 minutes) Page 14

15 References NHS IGT https://www.igt.connectingforhealth.nhs.uk/https://www.igt.connectingforhealth.nhs.uk/; GMC Confidentiality Guidance ICO London RA website National RA & training User Identity Management & National RA guidance Page 15

16 Contact Details London Queries and issues


Download ppt "London Public Health Transition Delivery Board Information & Intelligence Task-to-finish Group Workshop 7 th Nov 2012 Date: 07.11.2012 Version: 0.1."

Similar presentations


Ads by Google