Devon LMC workshop Kai Winterbottom, Group Manager, Good Practice Jonathan Kay, Lead Auditor, Good Practice Maria Dominey, Team Manager, Good Practice.


1 Devon LMC workshop Kai Winterbottom, Group Manager, Good Practice Jonathan Kay, Lead Auditor, Good Practice Maria Dominey, Team Manager, Good Practice 22 April 2015

2

3

4 Dispel myths Objectives Alert Tools

5 Data Protection Act 1998

6 Activity 1 Being the Regulator

7

8 Scenario A charity’s website has been hacked. Contact details such as names and telephone numbers have been obtained from the site. The charity estimates that up to 50 000 data subjects’ details may have been obtained. The charity have been unable to advise the ICO what technical security measures they had in place to keep the website secure as they say they do not know and had left it up to a third party IT company.

9 Further information received Further information has now been received by the ICO – the number of individuals affected is approx 10 000. The nature of the charity’s work has also been established - they provide advice and information about sexual health, contraception, abortion services, and similar related matters. The hacker is now threatening to publish the information.

10 And finally.. It has been confirmed that the data is just contact details as originally reported – names, tel. nos, DOBs and addresses - of individuals who have requested information from the charity. There is no contract in place with the IT company. Further investigation reveals that the hacker was easily able to gain access to the website and the data.

11 Decisions ?

12 Coffee Self assessment toolkit Back at your tables for 12.15 please!

13 Activity 2 Practice specific issues & concerns

14 Scenario themes
Data sharing – what idea do surgeries have of the security processes which will apply to the information they are going to share? What assurances are requested or provided?
Fair processing – GPs are the patient’s first point of contact and the face that they put on ‘the NHS’. This makes getting the right balance with fair processing difficult, but you’ll be the first person they complain to as well if it goes wrong…
Faxes – remain in wide use in the healthcare sector, and represent a risk. Where safer alternatives exist they should be used, and where not, the risk should be minimized.
Confidence – the consequence of a breach may not be being sued, or ‘liability’, but instead the undermining of patient confidence.

15 Scenario themes
Access to records I – There is no such thing as a trivial breach of confidence. Systems should make it as difficult as possible, and should log activity. Staff should never be able to say that they did not understand or were not trained.
Access to records II – the same processes that protect against a curious member of staff can help protect against an intruder, but basic security should reduce the opportunity for them.
Access to records III – patient access to their records needs to be carefully managed, and with greater patient scrutiny of their records will come more challenges on accuracy.

16 Lunch Self assessment toolkit Back at your tables for 2.15pm please! 18 November 2014

17

18 Implementing ICO guidance Practical tips

19 GP outcomes report
Analysis of Advisory visits to multiple GP surgeries in 2013/14
GPs’ ongoing responsibility for ensuring appropriate contracts are in place with all third parties who process patient data on their behalf. Many arrangements were set up and managed by PCTs who no longer exist.
Fair processing - GPs have to be especially careful their patients are aware of how and why their information is used and shared - especially in relation to websites – often the new ‘front desk’.
Manage records storage and secure disposal of confidential waste.

20 GP outcomes report
Unsecured USB ports creating a risk of unauthorised removal of personal data or introduction of malware and viruses to the network.
Fax machines – policies and procedures vary, as does staff awareness, even though fax errors can produce serious breaches of the DPA and result in CMPs.
Incident management often not geared towards IG breaches or reporting of these.
Have in place processes for managing access control for leavers, especially where smartcards and NHS spine access is involved.

21 Community Healthcare report
Analysis of Community providers’ Serious Incidents 2013/14
5 top tips –
1. Know what you have and where
2. Ensure staff awareness of basic security
3. Training
4. Guidelines for taking patient information off site
5. Central oversight of the records management

22 Community Healthcare report
Have a consistent and properly-recorded means of disposing of confidential waste.
Make sure that the risk of taking patient information off site is managed with appropriate controls.
Ensure that physical records are secure, and properly managed.
If you must use Faxes, adopt a safe haven approach. If there are more secure alternatives, use those.
Induction and training should be consistent and supported by checklists, procedures and other materials.

23 Guidance and resources

24 Dispel myths Objectives Alert Tools

25 www.twitter.com/iconews Keep in touch Subscribe to news feeds, blogs or our e-newsletter at www.ico.gov.uk and find us on…

