Secure Email Standard Introduction for Health and Social Care Organisations

Presentation transcript:

Secure Email Standard Introduction for Health and Social Care Organisations 09 June 2014 Clive Star

Background
- Developed to support the secure exchange of sensitive information between Health and Social Care Organisations using secure email services
- Builds on the Information Governance Toolkit organisations already complete, with some additional enhancements on a few of the individual baseline controls
- Developed with a potential to step up to meet Public Sector accreditation requirements

Scope
- Applies to health, public health & social care organisations in England
- Under the 2012 Health Act, organisations must have “due regard” for the standard
- Standard covers email services for personal and sensitive data only

The Specification
- The Secure Email Standard is available at: http://www.isb.nhs.uk/documents/isb-1596/amd-34-2012
- Contains:
  - The Information Standards Notice
  - The Specification
  - The Baseline Control Set

Principles
- Aligned to ISO 27001
- Independent accreditation
- Supports insourced and outsourced systems
- Organisation compliance
- System/Service provider compliance
- Clinical safety approval for the email service
- Organisations with Public Sector (HMG) certification do not need to accredit to this standard as well

Health & Care Conformance
- Evidence of a security risk assessment for the email service, i.e. to consider whether it contains personal & sensitive data or not
- One of either the Information Governance Toolkit (IGT) / Public Services Network (PSN) Code of Connection or an Information Security Management System (ISMS) conforming to ISO 27001
- Published policies and procedures for the use of secure email using mobile devices
- Evidence provided by the email service provider that they have met this standard
- Clinical safety approval for the email service
- Published policies for the use of email with insecure systems

Interoperability - How it will work
- Secure email will communicate via the Government Secure Intranet (GSi) / PSN infrastructure
- All email services will need to conform to pan-government standards
- The HSCIC will create and administer 3 domains:
  - @orgname.nhs.net / @nhs.net – NHSmail
  - @orgname.secure.nhs.uk – Secure NHS systems
  - TBC – Secure care systems

IT Services that meet the Standard
- Health and Social Care using NHSmail: .nhs.net
- Local Government / Social Services: .gcsx.gov.uk
- Central Government: .gsi.gov.uk, .gse.gov.uk, .gsx.gov.uk
- Criminal and Justice: .cjsm.net, .scn.gov.uk, .pnn.police.uk
- Military: .mod.uk

http://systems.hscic.gov.uk/nhsmail/secure

Next Steps
- Determine if your email service contains personal or sensitive data
- Register with nhs-mail2@nhs.net so we can include you in future targeted updates
- Seek evidence of conformance to health & care requirements
- Ensure email service conforms to supplier aspects of standards. If you host your own email you are the supplier
- Self-certify conformance. Good practice is to publish this, as with NHSmail: http://systems.hscic.gov.uk/nhsmail/emailstandards