19.05.16
Named individuals needed at board level to manage NHS data, say Caldicott
NHS trusts must take more action to secure patients’ data, the National Data Guardian has said ahead of publishing the results of her data security review.
In a letter sent to providers, Dame Fiona Caldicott and David Behan, chief executive of the CQC, said that during their reviews they had found “widespread commitment” to keeping data secure, but more needed to be done.
Last year, the CQC was asked to undertake a review of data security in the NHS. The National Data Guardian for Health and Care was asked to develop new data security standards.
The reviews found three key themes that are fundamental to secure data handling: people, processes and technology.
In particular, Dame Fiona said that it was important for organisations to identify appropriate leaders as “responsibility and accountability for data security is vital, just as it is for clinical and financial management and accountability”.
“We would encourage you to ensure you have individuals in the roles of the Senior Information Risk Owner (SIRO) and the Caldicott Guardian at board or equivalent level, and that they are registered with the HSCIC,” the communication read.
In a new set of data security standards, which are to be published shortly, Dame Fiona and the CQC will also recommend that organisations give staff on all levels data management training to a national standard. The HSCIC is to examine how this requirement can be met from suitably qualified suppliers.
There is also a recommendation that organisations have processes to prevent data security breaches, deal with near misses and keep IT security up-to-date. It was noted that HSCIC’s CareCERT service is able to provide the latest advice and guidance in this area.
The new guidelines, which will apply to all organisations from hospitals to GP practices, will also include a new ‘opt-out’ model of sharing data for purposes beyond direct care.
New figures from the HSCIC, released yesterday, show that 1 in 45 patients are already choosing to opt out of data sharing.
Have you got a story to tell? Would you like to become an NHE columnist? If so, click here.