Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Reporting Webinar Begins at 12.30

Published byArthur Brauer Modified over 6 years ago

Similar presentations

Presentation on theme: "Incident Reporting Webinar Begins at 12.30"— Presentation transcript:

1 Incident Reporting Webinar Begins at 12.30
Data Security and Protection Toolkit Incident Reporting Webinar Begins at 12.30 Presented by: John Hodson NHS Digital

2 Incident reporting For both GDPR Breach Reporting and Network and Information Systems incidents GDPR Breach  “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised. disclosure of, or access to, personal data transmitted, stored or otherwise processed” More than just data loss.

3 Data Security and Protection Toolkit in numbers
Active Users 8,900+ 33 development sprints completed 9,800+ active user organisations Feedback items Integrated GDPR + NIS Incident notification for streamlined automated reporting 3,500 GP Practices Registered 500 25 GP Practices have published Takes in account other recognised Certifications and systems 8 Bugs 336 GDPR Incidents Reported to ICO Reported and fixed

4 Incident Reporting Tool launched
Guidance published Worked with ICO DHSC, NHS England and NHS Guidance updates including guidance on annual reports. Any comments or suggestions about the guidance us on Launch Guidance Update to guidance typos/consistency etc.,

5 What is changing? The scoring system of SIRI has been changed
Level 2 is no longer the trigger for reporting Number of people effected not a sensitivity factor anymore Trigger for reporting is harm and impact Notification System not an Incident Management System. Explain previous and new IR process

6 Feedback Top requests for NHS organisations:
Withdraw / update facility Export the detail of the incident Add some text to an incident after notification. ICO An increased number of incidents are being reported. report-sharp-rise-in-complaints-after-gdpr

7 What is reportable ? ICO - The incident is assessed that it is (at least) likely that there is a risk to individual rights and freedoms (harm) and that the impact is (at least) minor. DHSC - The incident is assessed that it is (at least) likely that there is a risk to individual rights and freedoms (harm) and that the impact is (at least) serious. Where the 72 hours (real hours) deadline is not met an organisation must provide an explanation. Things to consider when thinking about whether you need to report:

8 Factors to consider Type of breach
Nature, sensitivity and volume of personal data How easy it would be identify the individuals Potential consequences Look at the examples at the back of the guidance.

9 What to report - not ideal
A patient letter was sent to the wrong address.

10 What to report - a bit better
A letter was sent to a single patient of the physiotherapy service on 10 August. It has come to light that this was sent to the wrong address. The letter was opened, and all of the information included in the letter was read by another person who had no reason to view this data. The letter has been sent back to the Trust and returned to the department.

11 What to report - A bit better
A physiotherapy appointment letter was sent from the Hospital dated 10 of August. This letter contained demographic details of the patient, a summary of the medical condition of the patient, a brief patient history and a list of other appointment’s that the patient has in the next few months as a reminder. This will contain sensitive personal information. The person who opened the letter has the same surname as the patient and may be a family member. An initial investigation has identified that this was an individually typed letter so the issue is unlikely to be replicated widely across the service. It was individual letter as the appointment was being rearranged. As the patient didn’t receive information about the appointment they missed their appointment, so it will have to be rearranged delaying the start of their treatment. The DPO , Caldicott Guardian have been informed and the incident has been recorded on the internal incident reporting system. We are speaking to the Physio service manager and the patient to provide the earliest possible appointment to minimise the impact. We have spoken to the patient to explain what has happened and apologies. A written apology is also being drafted to be signed by the Head of Service. Key contacts for the incident is

12

Download ppt "Incident Reporting Webinar Begins at 12.30"

Similar presentations

1 CIFTclinic 1.1 Software for Clinics. 2 CIFTclinic Software for Medical Clinics, which addresses the requirements of practicing doctors to automate Medical.

1 CIFTclinic 1.1 Software for Clinics. 2 CIFTclinic Software for Medical Clinics, which addresses the requirements of practicing doctors to automate Medical.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.

Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.

AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
NHS Accessible Information Standard Provider Forum Briefing Carol Williams Adult Social Care Practice and Safeguarding Team 3 May 2016.

NHS Accessible Information Standard Provider Forum Briefing Carol Williams Adult Social Care Practice and Safeguarding Team 3 May 2016.
Information Governance A refresher for all staff who have previously gone through the full course.

Information Governance A refresher for all staff who have previously gone through the full course.
REFLECT: Recovery Following Intensive Care Treatment

REFLECT: Recovery Following Intensive Care Treatment
Information Governance Support Information Governance Services

Information Governance Support Information Governance Services
Running a Privacy Impact Assessment (PIA)

Running a Privacy Impact Assessment (PIA)
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – What’s it all about???

GDPR – What’s it all about???
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation (GDPR

General Data Protection Regulation (GDPR
General Data Protection Regulation

General Data Protection Regulation
Running a Privacy Impact Assessment (PIA)

Running a Privacy Impact Assessment (PIA)
About the national data opt-out

About the national data opt-out
Service-centric policies – Update (NA3.2)

Service-centric policies – Update (NA3.2)
INTRODUCTION TO GDPR 19/09/2018.

INTRODUCTION TO GDPR 19/09/2018.
The session will commence at Please mute your microphone

The session will commence at Please mute your microphone

Similar presentations

Ads by Google