Health Service Focus

02.12.16

Tackling old and new threats to data security

Source: NHE Nov/Dec 16

Andrew Rose, senior policy officer at the Information Commissioner’s Office (ICO), discusses what actions NHS organisations can do to improve their data security compliance.

Cyber-attacks are a growing concern in the NHS, but the majority of data security breaches are still down to manual issues, according to the ICO. 

Recently the regulator released its data security incident and trends statistics for Q1 in 2016-17, which, once again, showed that the health sector continued to account for the most data security incidents. 

Andrew Rose, senior policy officer at the ICO, noted that this is due to the combination of the NHS making it mandatory to report incidents, the size of the health sector, and the sensitivity of the data processed. 

However, the latest data saw a 26% increase in the number of data security incidents in the health sector compared to the previous quarter (from 184 in Q4 2015-16 to 232 in Q1 2016-17). 

Asked what the main incidents were, Rose explained that the top three included data being posted or faxed to the wrong recipient; loss or theft of paperwork; and data being sent by email to the incorrect recipient. 

“A lot of these incidents could be avoided,” he said, adding that improving training is one of the big issues that have come out of a number of its enforcements. 

“I think that organisations need to make sure it [training] is happening and is relevant to the job role if they can,” explained Rose. “It doesn’t mean designing a course for every department, but it should be something that is a little bit more nuanced than e-learning once a year. It also shouldn’t be done once and forgotten.” 

Earlier this year, Dame Fiona Caldicott’s review recommended that the CQC should integrate measures for compliance with updated data security standards into their ‘Well-Led Inspections’ regime. This is a move that the regulator is taking forward.

Rose added that the CQC picking up on information governance in its inspection regime “should help enforce the fact that this stuff needs to happen. You need to record that the training is happening”. 

The ICO policy officer added that NHS organisations must also look at the policies and procedures they have in place. If you think about things being sent to the wrong recipient, Rose said, is that the fact that someone has not been trained or isn’t there a procedure in place for them to follow.Although the regulator produces a lot of advice and guidance, which helps NHS organisations understand what the issues are in terms of data and helps them with the questions to ask, Rose noted that it won’t help them with what solutions need to be put in place. 

“That is where CareCERT comes in, and they have the link with the National Cyber Security Centre,” he said. “That should be a key route to support. 

“I think that is where NHS organisations should get the expert advice from CareCERT, because they are set up and geared-up to provide that.” 

Despite there being an increased threat of cyber-attacks, especially Ransomware attacks against the NHS, which should not be neglected, Rose told NHE that as well as putting measures in place to mitigate these threats, the NHS must address the issue that the “majority of incidents still come down to manual errors”.

Tell us what you think – have your say below or email opinion@nationalhealthexecutive.com

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Cancer Drugs Fund delivered ‘no meaningful value’ to patients

28/04/2017Cancer Drugs Fund delivered ‘no meaningful value’ to patients

The Cancer Drugs Fund (CDF) set up by David Cameron to pay for medicine for over 100,000 people was not good value for money, despite costing the... more >
Health committee urges DH to draw up plan for post-Brexit uncertainty

28/04/2017Health committee urges DH to draw up plan for post-Brexit uncertainty

The Department of Health (DH) have been told to put contingency plans in place to prepare for the effect that Brexit could have on the health and... more >
STPs will not succeed where BCF has failed, warn MPs

28/04/2017STPs will not succeed where BCF has failed, warn MPs

MPs have slammed the government for the failure of the Better Care Fund (BCF) to achieve any of its objectives, arguing that they are unconvinced... more >

editor's comment

22/03/2017New additions and unexpected announcements

As NHE went to press, many of us were still recovering from the chancellor’s unexpected health announcements in his last Spring Budget.   While the sector welcomed Philip Hammond’s revelations, centered on capital funding for advanced sustainability and transformation plans (STPs) and A&E triage schemes (page 24)... read more >

last word

Foreign patient charges are a distraction from the real issues

Foreign patient charges are a distraction from the real issues

Vivek Kotecha, research officer at the Centre for Health and the Public Interest (CHPI), explains why the charging of foreign patients distracts from our home-grown NHS issues.  The Dep... more > more last word articles >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Labour’s pledge to raise wages for ‘underpaid and overworked’ NHS staff

26/04/2017Labour’s pledge to raise wages for ‘underpaid and overworked’ NHS staff

Shadow health secretary Jonathan Ashworth will today outline a major campaign pledge to axe the NHS pay cap, saying that staff are “underpaid and overworked”. The change is predicted to cost the NHS around £1bn, however Labour say that this is the price the government should pay to show hardworking NHS staff that they are being appreciated. Speaking at the Unison Health Conference in Liverpool, Ashworth will say: ... more >
read more blog posts from 'the scalpel' >

comment

A single approach for purchasing HCTEDs

11/04/2017A single approach for purchasing HCTEDs

Andy Leary, finance director of specialised commissioning (National) at NHS England, discusses the new system for buying and supplying high-cost ... more >
Filling the void and standardising security

07/04/2017Filling the void and standardising security

Jayne King, chair of the National Association for Healthcare Security (NAHS) and head of security, portering and reception services at Guy’... more >
Fear barriers to help-seeking in the UK

07/04/2017Fear barriers to help-seeking in the UK

Jon Paxman, 2020health senior researcher, explains why reducing fear barriers may be essential to promoting timely help-seeking, improving health... more >
Considerable scope for improving how local areas tackle smoking

07/04/2017Considerable scope for improving how local areas tackle smoking

Amanda Sandford, information manager at Action on Smoking and Health (ASH), discusses the need to strengthen local relationships in tackling smok... more >
LDRs: a critical part of STPs and sharing cross-border learning

04/04/2017LDRs: a critical part of STPs and sharing cross-border learning

Dr Masood Nazir, national clinical lead – digital transformation of general practice at NHS England and information lead & senior infor... more >

interviews

Tight timetable for nursing associate  regulation

28/03/2017Tight timetable for nursing associate regulation

Jackie Smith, chief executive at the Nursing and Midwifery Council (NMC), talks to NHE’s David Stevenson about the challenges her organisat... more >
Improving the flow

13/02/2017Improving the flow

Glen Burley, chief executive of South Warwickshire NHS FT, explains how his organisation has been able to improve patient flow through its emerge... more >
Leadership development should be for all in health and care

07/12/2016Leadership development should be for all in health and care

Back in August, Stephen Hart joined Health Education England (HEE) as the organisation’s new director of leadership development, which incl... more >
The powerful link between staff and patient satisfaction

03/10/2016The powerful link between staff and patient satisfaction

David Behan CBE, chief executive of the Care Quality Commission (CQC), talks to NHE about the correlation between high rates of staff satisfactio... more >
Dame Fiona Caldicott: We’re not quite ready for sharing back-office function on data security

07/07/2016Dame Fiona Caldicott: We’re not quite ready for sharing back-office function on data security

NHE’s David Stevenson talks to Dame Fiona Caldicott following her much-awaited Review of Data Security, Consent and Opt-Outs. In the f... more >