Changing times for information governance in the NHS
Source: NHE Nov/Dec 16
Stephen Elgar from the Information Governance Alliance (IGA) reflects on the changes and challenges facing information governance professionals in the NHS.
Cyber security threats, the need for innovations and increasing pressure on back-office staff to deliver greater efficiencies are three of the biggest challenges facing information governance (IG) professionals in the NHS, NHE has been told.
Speaking ahead of the IGA Conference, Stephen Elgar reflected on the growing cyber security threat facing all organisations, and individuals, working in the sector.
Cyber security risk
He focused on the growing threat of malware and Ransomware attacks on the service, which can result in criminals taking over entire file servers. In fact, as NHE went to print, Lincolnshire and Goole NHS FT and United Lincolnshire Hospitals NHS Trust had to cancel a number of operations after a virus infected their systems.
Discussing how trusts can improve their security, Elgar referred to the recent Caldicott Review, which stressed the need for ‘cyber essentials’ and attention to delivering “secure infrastructure”.
Caldicott noted that the National Technical Authority for Information Assurance’s (CESG’s) Cyber Essentials, and the 10 Steps to Cyber Security, are available to use without expenditure on materials.
These are focused on organisations taking steps towards creating and implementing controls to address the threats posed by network connectivity and internet-facing systems and services.
However, while the review team found evidence of the CESG’s Cyber Essentials scheme being implemented successfully within 20 health and social care organisations, it is not yet widely used in health and care.
Innovation and data sharing
A further challenge facing the system is that of innovation, which Elgar said could be put under three headings: big data, apps and patient empowerment.
The Caldicott Review recently noted that in the NHS, clinicians perceive that security is an obstacle to introducing innovation and digital healthcare, and that the present standards do not reflect the obligations of the health workforce.
Reflecting on this, Elgar explained that big data offers a potential for people to join information together to deliver health improvements, and the way technology has matured has led to an influx of apps. There is a drive to enable patient empowerment with access to their information, allowing them to repeat prescriptions and to book appointments but interest in using these is likely to vary between different patient groups.
All these developments come with IG implications, he said, and it is essential that the NHS explains what it does with patient information and that an effective dialogue is held with patients.
“The NHS Information Board has commissioned this dialogue,” added Elgar. “We would like to see an informed debate so that when a healthcare professional says ‘are you happy for your information to be used for purposes other than your direct care’ that this is based on a common understanding.”
By the next financial year, the IGA expects that the language for such discussions will be validated and articulated. This will then help shape a new consent model for the sharing of NHS information.
Elgar added that another challenging area is the growing pressure on back-office staff for greater efficiencies.
“All back-office functions are being looked at to see if they can be done more efficiently,” he said. Reflecting on this, he noted that in the local government arena many councils have pooled their IG professionals into a central team – rather than having an IG specialist for each aspect of its business.
“I think something similar will happen, and is probably happening already, in the NHS, a merger of governance and compliance teams,” he added.
Asked about the impact of the 44 draft STPs, Elgar said it was likely to lead to big challenges for IG professionals.
“The STPs mean that there is a plan for financial balance, and lowering costs in areas,” he said. “And I think there will be a drive for merging back-office services across trusts and also outsourcing – all of which have an IG dimension.”
NHE was told that, historically, IG focused on compliance, but it is going to have to change with the increased cyber security risk, and the need to be flexible and nimble in supporting the changes of business process that will come out of STPs.
Asked whether the profession could handle this, Elgar said: “I think IG people will play their part in this period of change. I think it is going to be a very difficult time. Fundamentally, it [STPs] is about lowering cost, so it is going to be a stressful time for everyone.”
Discussing the recent National Data Guardian Review and the role of Caldicott Guardians, Elgar added that their role is shifting to have a greater emphasis on supporting appropriate sharing of information.
“Historically organisations had relatively few channels for information to be shared. Going forward, they will have to have ways of tracking what is being shared routinely and assessing that it is being shared and handled appropriately,” said Elgar.
He understands that the Guardians will be supported by a “refreshed manual”. “They have a national council and there are currently half a dozen local groups and we are hoping for much wider coverage. The Council and the IGA are here to answer difficult questions from the frontline.”
Although Elgar identified challenging times were ahead of IG professionals in the NHS, he was confident about the new world it will help shape: “It looks as if we are not going to accept an NHS without strong technology.”
FOR MORE INFORMATION
Tell us what you think – have your say below or email email@example.com