Clare Sanderson Executive Director of Information Governance The NHS Information Centre for health and social care.


Agenda
- The NHS Information Centre for Health and Social Care
- Who we are
- What we do
- Protecting Patient Confidentiality
- Information Governance Controls
- What

Who we are
Established in 2005, The NHS Information Centre is the central authoritative source of health and social care information, acting as a ‘hub’ for high-quality, national and local, comparative data for all ‘secondary uses’

Our products and services
The NHS Information Centre provide a wealth of products and services to help commissioners and providers improve patient and client care within the following areas:
- Workforce
- Finance and performance
- Social care
- Commissioning
- Clinical
- Public Health

What we do for Research
Medical Research Information Service
- Current status
- Long term follow up
- List Cleaning
Studies include:
- The Million Women Study
- Mortality of Gulf War Veterans
- Avon Longitudinal Study of Parents and Children (ALSPAC!!!)

What we do for Research
Trusted Data Linkage Service
- Data Linkage Services
- Linkage to Hospital Episode Statistics & ONS Death data
- Pseudonymisation Services
Data linkage studies include:
- Linking data on road traffic accidents to HES
- Linking hospital prescribing data to HES
- Linking GP data to HES & ONS

Patient Confidentiality – why bother?
- Confidentiality is fundamental to medical practice
- Enshrined in the Hippocratic oath and international laws
- The patient / health care professional relationship is based on trust

Headlines that worry the public
- 'Unacceptable' level of data loss – NHS ‘worst offenders’ says Information Commissioner
- THE Daily Planet
- Prime Minister Gordon Brown has said he "profoundly regrets" the loss of 25 million child benefit records
- Over twenty years worth of personal information relating to workers at Queen Mary's Hospital in Sidcup has gone missing.
- A hospital trust in Cambridgeshire has been ordered to tighten security after a memory stick with medical treatment details of 741 patients went missing.
- The information commissioner has told the NHS to improve its data security, after breaches involving the loss of thousands of personal medical records

The ‘Confidentiality Continuum’
- Patient Identifiable Data
- Effectively Anonymised Data
- Explicit Patient Consent / Section 251 support
- De-identified / Pseudonymised / technology protected data
- Terms and conditions to protect & control use
- Publicly available

Section 251 Support – for NHS data in England
Allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for medical purposes where it is not possible to use anonymised information and where seeking individual consent is not practicable.

Requirements for Section 251 Support
- Details of the Organisation
- Details of the data required, what is to be done with it and for what purpose
- Justification for using patient identifiable data
- How the proposed use of the data will improve patient care or serve the wider public interest
- Justification for not obtaining patient consent
- Involvement of other stakeholders
- Details of security and audit measures used to secure access to, and limit use of, patient identifiable information
- Details of system security
- Details of the exit strategy !

Legal Compliance in England
- Common Law Duty of Confidentiality
- National Health Service Act 2006
- Data Protection Act 1998
- The Human Rights Act 1998
- Freedom of Information Act 2000 ???
- Copyright Designs and Patents Act 1988
- Re-Use of Public Sector Information Regulations 2005

What is Information Governance?
“the structures, policies and practice of the DH, the NHS and its suppliers to ensure the confidentiality and security of all records, and especially patient records, and to enable the ethical use of them for the benefit of individual patients and the public good”.

Information Governance Framework In Collaboration with the Research Capability Programme

IG Framework Themes
- Organisational – standards that provide assurance that the organisations have good and reliable internal processes
- Security – standards that apply to processing, storing, reporting and transmitting information
- Service – standards that apply to key processes such as linkage and pseudonymisation
- Developmental – progress toward compliance with internationally recognised standards

Organisational Theme
- Annually reviewed, board approved IG policies
- Appropriate job specific IG training
- Documented process for serious security incidents
- Assigned responsibility for DPA
- Processes to support confidential service
- Caldicott Guardian and resourced Caldicott function
- Contracts include IG requirements and staff understand
- Access to PID controlled, monitored and audited
- Appropriate disaster recovery plans
- Business continuity plans for business critical systems
Evidence required: IGT 112 Level Level level 3 and / or
- Training programme and attendance lists
- Measures to evaluate training effectiveness
- Reviews and update of materials
- Appropriate training for information quality and records management staff
- Quality system training for all staff
- Confidentiality and security training for all staff

IG Toolkit v9
- Includes a new organisation type – Hosted Secondary Use Team
- Total of 14 requirements for this type
- For each requirement:
  - Identifies the requirement
  - Describes the background
  - Provides a knowledge base for achieving target
  - Three levels of achievement
  - Overall achievement measured through % score

Hosted Secondary Use Team
- Responsibility for IG assigned to an appropriate member of staff
- IG policy for overall requirements of IG
- All contracts clearly identify IG responsibilities
- All staff trained appropriately on IG
- PID only used lawfully & dissent treated appropriately
- Confidentiality audit monitors access to PID
- PID outside UK complies with the DPA & DH policy
- Transfer of PID & sensitive information is secure
- Security of mobile computing & teleworking
- Availability of information asset register
- Security of premises, equipment, records & assets
- Incident management & reporting
- Pseudonymisation & anonymisation used where appropriate
- Presence of Safe Haven

Ensure that appropriate IG training is made available to all staff, including temps, locums and volunteers. There should be a clearly documented and communicated process for making all staff aware of the availability and importance of training.

NHS IG Training Tool provides a valuable base. It comprises a structured e-learning programme with Introductory, Foundation and Practitioner level modules covering all aspects of IG. Exemplar materials include guidance available for use in training – e.g. Information Security - NHS Code of practice. Training scenarios provided for local adoption / adaption.

Achievement Level
- 0 – no evidence
- 1 – appropriate training provided inc induction for starters
- 2 – All staff have completed IG training & training needs are regularly reviewed
- 3 – Staff understanding of IG tested & support provided where needs are identified. Training provision is regularly reviewed.

What is the Alternative?
Use of ‘Honest Broker’ Services including:
- Anonymisation Services
- Pseudonymisation Services
- De-pseudonymisation Services
- Derivation services
- Cohort management
- s 251 Application Support (where applicable)
- Data linkage services – deterministic / probabilistic
- Data sets management and expertise……..

Any Questions?

Security Theme
- Ability to detect and remove malicious code
- Secure operation of communications networks
- Secure and structured implementation of new assets
- Secure mobile working
- Controlled, audited access to PID
- New processes comply with confidentiality and DPA requirements

Security Theme ctd
- Independently audited Information Risk assessment & Management
- Formal Information Risk hierarchy
- Documented data flows for PID
- Safe Haven procedures implemented
- Effective management & control of software assets
- Effective encryption of PID
- Appropriate asset access control with regular reviews

Service Theme
- Confidentiality of PID protected through de-identification techniques
- Appropriate standard of data linkage adopted
- Documented records management processes
- Board consideration of ethics and validity of research question
- Robust legal basis for processing
- IG included in contractual arrangements
- Board agreed protocol for sharing PID
- ALL PID processed outside EU complies with DPA; DH etc
- Documented and available FOI process

Developmental Theme Organisational commitment to achieving: ISO Information Security Management Highest standards of business continuity and disaster recovery ISO IT service management Part 1 ISO9000 – Quality Management Code of Practice Development of new standards when required