Dame Fiona Caldicott, the National Data Guardian for Health and Care (NDG), today publishes recommendations to strengthen the security of health and care information and to help the public make informed choices about how their data is used.
This review by the National Data Guardian for Health and Care (NDG), Dame Fiona Caldicott, recommends to the Secretary of State for Health ten new data security standards to apply to all organisations which hold health or care information. These are aimed at strengthening the safeguards for keeping health and care information secure and ensuring the public can make informed choices about how their data is used.
The report focuses "on two aspects of people’s trust. Firstly, it looks at whether data security is good enough. Are there adequate systems in place to prevent people’s confidential information falling into the wrong hands? Can those systems be made strong enough to protect against known and potential dangers without being so restrictive that information cannot be shared appropriately among staff providing care? Secondly, the report looks at the basis upon which information is shared. Do people understand who will have legitimate access to their personal confidential data? When is the individual’s specific consent required? When can people consent to or opt out from information being used and when may this be overruled? Are the current arrangements protecting people’s confidentiality adequately upheld, and do they allow for appropriate information sharing to benefit patients, service users and the entire health and care system?"
Dame Fiona is calling on leaders of health and social care organisations to demonstrate clear accountability and responsibility for data security, just as they do for clinical and financial management and accountability. Dame Fiona’s report also argues that the public should be engaged about how their information is used and safeguarded, and the benefits of data sharing, with a wide-ranging consultation on her proposals as a first step.
The review is clear that it will be important to hear the views of patients, health and care professionals, researchers, commissioners and others in this consultation and beyond.
One of the recommendations states: “All health and social care organisations should provide evidence that they are taking action to improve cyber security; … a strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework”. The review states that “as systems became more digital, breaches could affect greater numbers of people and the external cyber threat is becoming a bigger consideration… The Review heard that in most cases, breaches or cyber-attacks are unwittingly facilitated by the behaviour of employees who can be classed as ‘non-malicious insiders’, primarily motivated to get their job done and often working with ineffective technologies or processes… Beyond human error, the Review found that the main threat to the public and private sectors is from basic cyber-attacks, which use hacking tools that can be purchased readily and cheaply online and exploit publicly known vulnerabilities. Recent observations report significant increases in the volumes and sophistication of unsolicited emails in global circulation, many containing ‘malware’ or hidden software, designed to cause harm, by exploiting unmanaged technical weaknesses and/or human naivety”.
Full copy of Review of data security, consent and opt-outs.