Partners in improving local health Slide 1 Information Governance & IT Security in the NHS Ian Davison, Director of Business Information Services Alison.


1 Partners in improving local health
Information Governance & IT Security in the NHS
Ian Davison, Director of Business Information Services
Alison Emslie, IT Security Manager and IG Specialist Advisor

2 Objectives
To inform VONNE members on IG and IT security, in particular on
– Data Protection/Caldicott Principles
– IG Toolkit
– IT Security (inc encryption)
To explain NECS’ role in IG and IT security
To offer a Q&A opportunity for VONNE members
NHS Unclassified

3 NECS – our role and our path
North of England Commissioning Support (NECS) are an NHS Commissioning Support Unit (CSU)
Hosted by NHSE, employed by NHS Business Services Authority (BSA)
Formed in 2013 following the new Health and Social Care Act which saw the creation of CCGs, CSUs, and the demise of PCTs and SHAs
On a path to autonomy since 2013, expectation of being fully autonomous in 16-17
We are funded from contracts and SLAs with CCGs, NHSE, FTs, LAs, AQPs, etc.

4 NECS – our role and path (cont.)
Commercial approach being monitored and assessed, competing with private sector
Increasingly our contracts are won via bidding processes on procurement frameworks
Our role in IG and IT is to deliver services and projects to our customers, to advise, to protect and keep safe
We serve all NE & Cumbria CCGs, all 400 GP practices in the NE, several FTs and LAs
We have one IT system and network which all customers are connected to

5 Data Protection Registration
DP Act requires every data controller (eg organisation) who is processing personal information to register with the ICO
Appropriate DP registration for NHS business inc FOI
Transfers outside EEA
Public Register of Data Controllers

6 Data Protection Principles
Under the Data Protection Act, you must:
– only collect information that you need for a specific purpose
– keep it secure
– ensure it is relevant and up to date
– only hold as much as you need, and only for as long as you need it
– allow the subject of the information to see it on request

7 DP Requests
Requests for personal information (DP)
Patients have rights to see their personal information. They can make a subject access request to see the personal information you hold about them.
Subject access code of practice
Access Aware toolkit for health

8 Caldicott Principles
Apply to the handling of patient-identifiable information:
– justify the purpose(s) of every proposed use or transfer
– don't use it unless it is absolutely necessary
– use the minimum necessary
– access to it should be on a strict need-to-know basis
– everyone with access to it should be aware of their responsibilities
– understand and comply with the law
Duty to share information can be as important as the duty to protect confidentiality

9 FOI Requests
Requests for non confidential information (FOI)
The Freedom of Information Act means that you must disclose official (NHS) information when people ask for it and reply within 20 working days.

10 NHS Standard Contract
GC21 Patient Confidentiality, Data Protection, Freedom of Information and Transparency
Information Governance – General Responsibilities
21.1 The Parties acknowledge their respective obligations arising under FOIA, DPA and HRA, and under the common law duty of confidentiality, and must assist each other as necessary to enable each other to comply with these obligations.
21.2 The Provider must complete and publish an annual information governance assessment using the NHS Information Governance Toolkit and must achieve a minimum level 2 performance against all requirements in the relevant Toolkit.
21.3 The Provider must:
21.3.1 nominate an Information Governance Lead;
21.3.2 nominate a Caldicott Guardian and Senior Information Risk Owner, each of whom must be a member of the Provider’s Governing Body;
21.3.3 ensure that the Co-ordinating Commissioner is kept informed at all times of the identities and contact details of the Information Governance Lead, Caldicott Guardian and the Senior Information Risk Owner; and
21.3.4 ensure that NHS England and HSCIC are kept informed at all times of the identities and contact details of the Information Governance Lead, Caldicott Guardian and the Senior Information Risk Owner via the NHS Information Governance Toolkit.

11 IG Toolkit - Overview
Comprehensive IG self-assessment (inc IT Security)
Different versions for types of organisations
Levels of compliance:
– Level 1 = policy in place
– Level 2 = policy implemented
– Level 3 = implementation of policy audited
All requirements level 2 (66%) = satisfactory

12 IGT Requirement Format
Requirement Description Guidance Attainment Levels Knowledge Base Resources Training Requirement Origins

13 IGT Requirement Screenshot 1

14 IGT Requirement Screenshot 2

15 IGT – IT Security Requirements
13-304 Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use
13-316 There is an information asset register that includes all key information, software, hardware and services
13-317 Unauthorised access to the premises, equipment, records and other assets is prevented
13-318 The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access
13-319 There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions
13-320 There are documented incident management and reporting procedures
13-321 There are appropriate procedures in place to manage access to computer-based information systems
13-325 Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely

16 IGT Requirement 321
Level 1 - There is a documented procedure for allocating and managing access to computer-based information systems.
A. A procedure has been documented that sets out how access to computer-based information systems will be allocated and managed.
Evidence Required: Documented procedure.
B. Responsibility for allocating and removing access rights to the system has been assigned.
Evidence Required: A named individual's job description, or a signed and dated note or e-mail assigning responsibility.
C. The procedure has been approved by a senior member of staff.
Evidence Required: Minutes of meetings, or in a document or email or a personal endorsement in writing from an appropriately senior manager.

17 Encryption
In Transit
– NHS Mail
– Encrypted attachment
– Encrypted USB stick/mobile device
At rest
– Encrypted laptops/PCs in public areas

18 Useful Links
IG Toolkit https://nww.igt.hscic.gov.uk/
Information Commissioner's Office
– (for Data Protection & FOI) https://ico.org.uk/
– Data Protection Public Register https://ico.org.uk/esdwebpages/search
NHS Guide to Caldicott & DP https://www.google.co.uk/?gfe_rd=ssl&ei=Z5TpVqfcDcGBaMm-pIgD#q=caldicott+principles
Encryption guidance
– NHS use of http://systems.hscic.gov.uk/infogov/security/encryptionguide.pdf
– Implementation in the NHS http://systems.hscic.gov.uk/infogov/security/infrasec/iststatements/dataenc_html

19 Useful Links - continued
NHS Code of Practice on Information Security http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_074142
NHS Mail – guidance on sending encrypted email to non-secure addresses http://systems.hscic.gov.uk/nhsmail/secure/senders.pdf
Online IG Training https://www.igtt.hscic.gov.uk/
NHS contract https://www.england.nhs.uk/nhs-standard-contract/
– (for IGT compliance statement)

20 Questions

