Devon LMC workshop Kai Winterbottom, Group Manager, Good Practice Jonathan Kay, Lead Auditor, Good Practice Maria Dominey, Team Manager, Good Practice.

Presentation transcript:

Devon LMC workshop Kai Winterbottom, Group Manager, Good Practice Jonathan Kay, Lead Auditor, Good Practice Maria Dominey, Team Manager, Good Practice 22 April 2015

Objectives: Dispel myths, Alert, Tools

Data Protection Act 1998

Activity 1: Being the Regulator

Scenario: A charity’s website has been hacked. Contact details such as names and telephone numbers have been obtained from the site. The charity estimates that up to data subjects’ details may have been obtained. The charity have been unable to advise the ICO what technical security measures they had in place to keep the website secure, as they say they do not know and had left it up to a third party IT company.

Further information received: Further information has now been received by the ICO – the number of individuals affected is approx The nature of the charity’s work has also been established – they provide advice and information about sexual health, contraception, abortion services, and similar related matters. The hacker is now threatening to publish the information.

And finally... It has been confirmed that the data is just contact details as originally reported – names, tel. nos, DOBs and addresses – of individuals who have requested information from the charity. There is no contract in place with the IT company. Further investigation reveals that the hacker was easily able to gain access to the website and the data.

Decisions?

Coffee Self assessment toolkit Back at your tables for please!

Activity 2: Practice specific issues & concerns

Scenario themes
- Data sharing – what idea do surgeries have of the security processes which will apply to the information they are going to share? What assurances are requested or provided?
- Fair processing – GPs are the patient’s first point of contact and the face that they put on ‘the NHS’. This makes getting the right balance with fair processing difficult, but you’ll be the first person they complain to as well if it goes wrong…
- Faxes – remain in wide use in the healthcare sector, and represent a risk. Where safer alternatives exist they should be used, and where not, the risk should be minimized.
- Confidence – the consequence of a breach may not be being sued, or ‘liability’, but instead the undermining of patient confidence.

Scenario themes
- Access to records I – There is no such thing as a trivial breach of confidence. Systems should make it as difficult as possible, and should log activity. Staff should never be able to say that they did not understand or were not trained.
- Access to records II – the same processes that protect against a curious member of staff can help protect against an intruder, but basic security should reduce the opportunity for them.
- Access to records III – patient access to their records needs to be carefully managed, and with greater patient scrutiny of their records will come more challenges on accuracy.

Lunch Self assessment toolkit Back at your tables for 2.15pm please! 18 November 2014

Implementing ICO guidance: Practical tips

GP outcomes report
Analysis of Advisory visits to multiple GP surgeries in 2013/14
- GPs’ ongoing responsibility for ensuring appropriate contracts are in place with all third parties who process patient data on their behalf. Many arrangements were set up and managed by PCTs who no longer exist.
- Fair processing – GPs have to be especially careful their patients are aware of how and why their information is used and shared – especially in relation to websites – often the new ‘front desk’.
- Manage records storage and secure disposal of confidential waste.

GP outcomes report
- Unsecured USB ports creating a risk of unauthorised removal of personal data or introduction of malware and viruses to the network.
- Fax machines – policies and procedures vary, as does staff awareness, even though fax errors can produce serious breaches of the DPA and result in CMPs.
- Incident management often not geared towards IG breaches or reporting of these.
- Have in place processes for managing access control for leavers, especially where smartcards and NHS spine access are involved.

Community Healthcare report
Analysis of Community providers’ Serious Incidents 2013/14
5 top tips:
1. Know what you have and where
2. Ensure staff awareness of basic security
3. Training
4. Guidelines for taking patient information off site
5. Central oversight of the records management

Community Healthcare report
- Have a consistent and properly-recorded means of disposing of confidential waste.
- Make sure that the risk of taking patient information off site is managed with appropriate controls.
- Ensure that physical records are secure, and properly managed.
- If you must use Faxes, adopt a safe haven approach. If there are more secure alternatives, use those.
- Induction and training should be consistent and supported by checklists, procedures and other materials.

Guidance and resources

Objectives: Dispel myths, Alert, Tools

Keep in touch Subscribe to news feeds, blogs or our e-newsletter at and find us on…