Health Service Focus

02.12.16

Tackling old and new threats to data security

Source: NHE Nov/Dec 16

Andrew Rose, senior policy officer at the Information Commissioner’s Office (ICO), discusses what actions NHS organisations can do to improve their data security compliance.

Cyber-attacks are a growing concern in the NHS, but the majority of data security breaches are still down to manual issues, according to the ICO. 

Recently the regulator released its data security incident and trends statistics for Q1 in 2016-17, which, once again, showed that the health sector continued to account for the most data security incidents. 

Andrew Rose, senior policy officer at the ICO, noted that this is due to the combination of the NHS making it mandatory to report incidents, the size of the health sector, and the sensitivity of the data processed. 

However, the latest data saw a 26% increase in the number of data security incidents in the health sector compared to the previous quarter (from 184 in Q4 2015-16 to 232 in Q1 2016-17). 

Asked what the main incidents were, Rose explained that the top three included data being posted or faxed to the wrong recipient; loss or theft of paperwork; and data being sent by email to the incorrect recipient. 

“A lot of these incidents could be avoided,” he said, adding that improving training is one of the big issues that have come out of a number of its enforcements. 

“I think that organisations need to make sure it [training] is happening and is relevant to the job role if they can,” explained Rose. “It doesn’t mean designing a course for every department, but it should be something that is a little bit more nuanced than e-learning once a year. It also shouldn’t be done once and forgotten.” 

Earlier this year, Dame Fiona Caldicott’s review recommended that the CQC should integrate measures for compliance with updated data security standards into their ‘Well-Led Inspections’ regime. This is a move that the regulator is taking forward.

Rose added that the CQC picking up on information governance in its inspection regime “should help enforce the fact that this stuff needs to happen. You need to record that the training is happening”. 

The ICO policy officer added that NHS organisations must also look at the policies and procedures they have in place. If you think about things being sent to the wrong recipient, Rose said, is that the fact that someone has not been trained or isn’t there a procedure in place for them to follow.Although the regulator produces a lot of advice and guidance, which helps NHS organisations understand what the issues are in terms of data and helps them with the questions to ask, Rose noted that it won’t help them with what solutions need to be put in place. 

“That is where CareCERT comes in, and they have the link with the National Cyber Security Centre,” he said. “That should be a key route to support. 

“I think that is where NHS organisations should get the expert advice from CareCERT, because they are set up and geared-up to provide that.” 

Despite there being an increased threat of cyber-attacks, especially Ransomware attacks against the NHS, which should not be neglected, Rose told NHE that as well as putting measures in place to mitigate these threats, the NHS must address the issue that the “majority of incidents still come down to manual errors”.

Tell us what you think – have your say below or email opinion@nationalhealthexecutive.com

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Three CCGs slapped with NHS England legal directions

18/08/2017Three CCGs slapped with NHS England legal directions

Three CCGs have been slapped with NHS England legal directions requiring them to produce urgent improvement and financial plans, as well as hire ... more >
Numbers placed into nursing courses drops by 8% since 2016

18/08/2017Numbers placed into nursing courses drops by 8% since 2016

Nurses have today warned that there are not enough new workers being trained to keep pace with demand as UCAS figures showed that there had been ... more >
London trust told to improve for third time in three years

17/08/2017London trust told to improve for third time in three years

A major London NHS trust has been told by inspectors that it needs to urgently improve after it received its third ‘Requires Improvement&rs... more >

editor's comment

13/06/2017Tackling the major challenges facing the NHS

As you will have gathered from the front cover, a theme that runs throughout this edition of NHE is about empowering and involving the workforce in order to deliver innovative change across the system.  Professor Jane Dacre, president of the Royal College of Physicians, highlights on page 16 the importance of sustainability and trans... read more >

last word

Your personality, your leadership

Your personality, your leadership

Deirdre Wallace, clinical skills manager at UCL Medical School, discusses the importance of learning about leadership and self while at medical school. Approximately five years ago, I was ch... more > more last word articles >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Turbo-boosting STPs? It’s time we got serious about ‘partnership’

27/07/2017Turbo-boosting STPs? It’s time we got serious about ‘partnership’

Merron Simpson, chief executive New NHS Alliance, argues we’re missing the point of what ‘partnership working’ truly means if we refuse to recruit help from those outside the health service. Jeremy Hunt and Simon Steven’s recent announcement to ‘turbo-boost’ sustainability and transformation partnerships (STPs) provides a welcome shot-in-the-arm for those across the system who are ... more >
read more blog posts from 'the scalpel' >

comment

Changing our digital culture and safeguarding patient data

08/08/2017Changing our digital culture and safeguarding patient data

Joanna Smith, chief information officer at Royal Brompton & Harefield NHS FT (RBHT), says that as the NHS becomes more digital it has to get ... more >
A centre for medicines optimisation research and education

04/08/2017A centre for medicines optimisation research and education

Dr Yogini Jani, a consultant pharmacist at University College London Hospitals NHS FT (UCLH), discusses a collaboration with UCL School of Pharma... more >
Unlocking the benefits of age-friendly cities

04/08/2017Unlocking the benefits of age-friendly cities

Stefanie Buckner, Calum Mattocks and Louise Lafortune from the Cambridge Institute of Public Health, alongside Melanie Rimmer from the School of ... more >
A community service

04/08/2017A community service

Louise Watson, NHS England director of the New Care Models programme, discusses the emerging success stories from the vanguard areas across the c... more >
Diabetes Professional Care launches 2017 Conference programme

03/08/2017Diabetes Professional Care launches 2017 Conference programme

An outstanding line-up of practitioners and thought leaders will share their expertise and knowledge with healthcare professionals from across th... more >

interviews

Improving care at the touch of a screen

08/08/2017Improving care at the touch of a screen

When it comes to dementia, having a calm and safe environment can have a substantial impact on a patient’s quality of life. NHE’s Jos... more >
A new approach to talent management

25/07/2017A new approach to talent management

Martin Hancock, national lead for talent management at NHS Leadership Academy, and Gill Rooke, the organisation’s senior operations manager... more >
Enabling greater integration through ACSs

25/07/2017Enabling greater integration through ACSs

At this year’s NHS Confed, Simon Stevens revealed the first wave of accountable care systems (ACSs). NHE speaks to Ian Dodge, the director ... more >
How NHS organisations can protect themselves against cyber crime

25/07/2017How NHS organisations can protect themselves against cyber crime

On 12 May, a global cyber-attack occurred on an unprecedented scale. It affected organisations across the globe and, though it did not specifical... more >
Working collectively to improve cancer outcomes for patients

20/06/2017Working collectively to improve cancer outcomes for patients

Last year, the cancer vanguard established the Pharma Challenge. Rob Duncombe, pharmacy director at the Christie NHS FT, gives NHE an update on t... more >