Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to the Summary Care Record (SCR)

Published byBertram Knight Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to the Summary Care Record (SCR)"— Presentation transcript:

1 Introduction to the Summary Care Record (SCR)
Privacy Officer Module Privacy Officer v

2 Investigation & Escalation
Contents Introduction Alerts Investigation & Escalation Summary

3 Introduction

4 Introduction This Privacy Officer module:
Is intended to build on information previously covered in the core and viewing modules Is designed for all staff with the responsibility of monitoring alerts and auditing viewing activity Summarises how to monitor alerts and audit viewing activity Home

5 Consent and Patient Choice Recap
Creation of an SCR: Patient can opt out or in at any time as often as they like Viewing SCRs: The patient asked permission to view before health professional can access their SCR Emergency Access is available to some users if permission cannot be obtained e.g. the patient is unconscious or confused Alerts are generated when Emergency Access is used A Privacy Officer needs to monitor these alerts Home

6 Privacy Officer Role and Responsibilities
The Privacy Officer role can be: Specifically for the purpose of SCR; or Incorporated into the existing IG function of an organisation The Privacy Officer should: Receive alert notifications Investigate alerts e.g. matching a self claimed LR alert to the local record of patient care or identifying unusual patterns of Emergency Accesses Escalate inappropriate accesses Ensure local IG processes incorporate SCR viewing activity e.g. Information Governance Policy, Confidentiality Policy Home

7 Alerts

8 Alert Generation Alerts will be generated when a healthcare staff member views an SCR and that action needs to be verified and/or investigated Alerts will identify the patient whose record has been viewed and the user that has viewed the record The following actions will generate an alert: Use of clinician self claimed LR Use of Emergency Access Home

9 SCR Legitimate Relationships (LRs)
Safeguarding records and ensuring staff only access records with a clinical need Patient self referred LR – confirmed by a different user to that viewing the SCR (e.g. call handler & clinician) NO IG ALERT IS GENERATED = NO PO WORK Clinician self claimed LR – a clinician confirms the relationship individually AN ALERT IS GENERATED EVERY TIME = PO WORK Home

10 Monitoring Alerts When an alert is generated, a notification will be created and sent to the person responsible for monitoring the alerts These notifications can be switched off (using the Spine User Directory or SUD) and reports should be run instead on a regular basis for monitoring and investigation The tool for monitoring and managing alerts is called the Alert Viewer Each organisation must ensure that they have a nominated responsible officer (normally the Privacy Officer), with the correct RBAC on their smartcard, to access this tool and manage the alert process Home

11 Alert Types Please note the name change of SCR override Alerts to Access Alert in Spine 2 All of the alert types will need to be managed but some are more common than others How they will be managed will be decided by the local organisations IG policies and procedures Create LR (Self Claimed) The alert is generated automatically when a user of the SCRa 2 uses their smartcard role to self claim access to the SCR. Dissent Override This Alert is triggered when a user activates the Emergency Access option in Non SCRa software. As best practice the user(s) should have entered some supplementary justification text in the free text box. Sensitive Data The alert is generated when an attempt is made to access S-Flagged patients demographics. S-flagged or Sensitive flagged records are records that have previously been marked to protect the patient e.g. witness protection Stop Noted Record Access ? Access Alert This Alert is triggered when a user activates the Emergency Access option and also if Access for Other reasons is used. As best practice user(s) should have entered some supplementary justification text in the free text box.

12 Alert Notification Text
Subject: Alert Notification urn:nhs:names:services:lrs: Create LR (Self Claimed) alert on 19-Jun :33:20 by This will be the site code Alert Id: 7E07F1A7-A924-4FF1-B8A9-D44FFA4FCB72 This message is sent automatically based on information held on the Spine user directory. To stop receiving alerts, please contact your local Spine administrator. Please do not reply to this .

13 Investigating Alerts IG alerts can be viewed using the TES Alert Viewer which enables: The recording and storage of IG alerts with the capability to search, view and close alerts The generation of IG alert notifications TES Alert Viewer is accessed using the Spine Portal or directly from the desktop Access is granted as part of the Privacy Officer RBAC role Home

14 Investigation & Escalation

15 Example Business Processes for POs
Business processes are needed for the Privacy Officer to define how to investigate alerts The following activities need to included in these processes: Receiving notifications or running reports Investigating alerts e.g. matching a self claimed LR alert to the local record or identifying unusual patterns of accesses Escalating inappropriate accesses to relevant parties Closing and updating the alert status Home

16 Example Business Process
Home

17 Auditing SCR Activities
NHS trusts are responsible for auditing accesses to their records and for providing responses to queries from patients requesting details of who has accessed their record Required by Care Record Guarantee In order to run audit reports for SCR viewing activity, Privacy Officers can use: The Spine Reporting Service (SRS) if the viewing system was SCRa (accessed via the Spine Portal) Reports on the host system if the viewing system was an integrated solution e.g. Adastra or Ascribe Symphony Home

18 Access is granted as part of the Privacy Officer RBAC role
Audit Reports When the viewing system is SCRa 2, audit Subject Access reports are available including: Users that have accessed a specific record Records accessed by a specific user Transaction detail report Access is granted as part of the Privacy Officer RBAC role Users that have accessed a specific record- these reports can be used if a patient reports suspected inappropriate accesses of their record Records accessed by a specific user - these reports can be used to monitor the viewing activity of specific users e.g. if a confidentiality breach was found and further investigation was required Transaction detail report - provides full details of Spine activities within specified search criteria and are much more detailed than those noted above e.g. PDS traces, SCR viewing Home

19 Summary

20 End to End Processes Users view SCRs by:
Creating a Legitimate Relationship (LR) Requesting Permission to View (PTV) Alert generated when: LR self claimed PTV over-ridden Privacy Officer investigates and manages alerts using TES Alert Viewer Privacy Officer can audit viewing activity using ERS or audit reporting functionality in integrated systems Home

21 Privacy Officer RBAC Role
S8002 : G8003 : R0001 Admin and Clerical : Admin and Clerical : Privacy Officer Activities : B Receive Self Claimed LR Alerts B Receive Legal Override and Emergency View Alerts B0018 – Receive Seal alerts Home

22 Email Notification in SUD

23 Additional Information
SCR IG Pages TES Alert Viewer user guides Authentication and Role Based Access Control Home

Download ppt "Introduction to the Summary Care Record (SCR)"

Similar presentations

Introduction to the Summary Care Record (SCR) GP Module SCR Concept Training GP Module Self Run v1.0 01-04-11.

Introduction to the Summary Care Record (SCR) GP Module SCR Concept Training GP Module Self Run v
GP2GP Electronic health record transfer 1. What is GP2GP? GP2GP is a software application that can be used to transfer a patient’s electronic health record.

GP2GP Electronic health record transfer 1. What is GP2GP? GP2GP is a software application that can be used to transfer a patient’s electronic health record.
© National Programme for Information Technology, London, 2004. All rights reserved. British Computer Society The Care Record Service and Information Governance.

© National Programme for Information Technology, London, All rights reserved. British Computer Society The Care Record Service and Information Governance.
Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson.

Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson.
Module 4: System Maintenance Intuit Financial Services University Internet Banking Certification Training.

Module 4: System Maintenance Intuit Financial Services University Internet Banking Certification Training.
EMIS Web Sorting out RBAC.

EMIS Web Sorting out RBAC.
© Safeguarding public health Adverse incident reporting now and the future, roles and responsibilities Mark Grumbridge.

© Safeguarding public health Adverse incident reporting now and the future, roles and responsibilities Mark Grumbridge.
Using portal technology to improve services 8 October 2014 Andrew Haw Head of Health Informatics Service.

Using portal technology to improve services 8 October 2014 Andrew Haw Head of Health Informatics Service.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
1 Welcome To Siebel Training Welcome To Siebel Training.

1 Welcome To Siebel Training Welcome To Siebel Training.
Privacy and Disclosure Directives in Panorama for End Users February 11, 2015 1.

Privacy and Disclosure Directives in Panorama for End Users February 11,
Proposed Meaningful Use Criteria for Stage 2 and 3 John D. Halamka.

Proposed Meaningful Use Criteria for Stage 2 and 3 John D. Halamka.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Moving Forwards with HealthSpace Gillian Braunold Clinical Director Summary Care Record & HealthSpace.

Moving Forwards with HealthSpace Gillian Braunold Clinical Director Summary Care Record & HealthSpace.
Www.england.nhs.uk NHS England Interoperability Programme Workshop Information Governance 16 th December 2014.

NHS England Interoperability Programme Workshop Information Governance 16 th December 2014.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE

United Nations Economic Commission for Europe Statistical Division Applying the GSBPM to Business Register Management Steven Vale UNECE
School of Public Health MyAurion - Approve a Timekeeper Form Tutorial & Teaching Support Staff.

School of Public Health MyAurion - Approve a Timekeeper Form Tutorial & Teaching Support Staff.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
NHS Summary Care Record (SCR) If an Out of Hours doctor is visiting you… If an ambulance is called… If you are taken to A & E…

NHS Summary Care Record (SCR) If an Out of Hours doctor is visiting you… If an ambulance is called… If you are taken to A & E…

Similar presentations

Ads by Google