“Privacy is a right not a privilege. In a world where our personal data can drive everything from the healthcare we receive to the job opportunities we see, we all deserve to have our data treated with respect.”
Those are the words of the UK’s Information Commisioner, John Edwards, who leads the Information Commissioner's Office (ICO) – the independent regulatory body in charge of upholding information rights in the interest of the public.
With confidentiality the cornerstone of good medical practice and central to the trust between doctors, colleagues and patients, The Health Informatics Service (THIS) is drawing on its experience of forging new ways of working during the pandemic to influence the future of NHS Information Governance (IG) and Registration Authority (RA) services.
THIS’ RA service currently provides support to over 400 customer organisations, which equates to approximately 40,000 active Smartcards. Its clients include its host trust, the the Calderdale and Huddersfield NHS Foundation Trust (CHFT), other NHS foundation trusts, Clinical Commissioning Groups (CCGs), GP practices, pharmacies, local authorities, social enterprises, hospices and universities.
Among the biggest upheavals faced into by Yorkshire-based THIS during the pandemic was the suspension of face-to-face RA sessions, which called for key considerations to be factored into all operational services to minimise potential security breaches. This resulted in the creation of new guidance documents covering working from home and the use of Microsoft Teams.
“Microsoft Teams is our preferred communication platform as it is UK-hosted, General Data Protection Regulation (GDPR) compliant, ISO/27001 compliant and provides integration with other CHFT software such as Outlook and ultimately Office 365. It is a secure, moderated collaboration tool that combines voice and video conferencing with WhatsApp style chat and instant messaging,” explains Melanie Hill, THIS’ Information Governance and Registration Authority Manager.
“It was vitally important we adopted some basic security principles that would protect confidentiality while maintaining ‘business as usual’, especially as the use of Microsoft Teams was being encouraged to carry out consultations with patients and service users to reduce the spread of Covid-19.”
As the acute threats of the pandemic recede, NHS Digital is considering new ways of working based on the lessons learnt throughout the pandemic. One proposed solution is a self-service registration portal and THIS has been asked to contribute to the consultation process.
Melanie Hill: “Ideally, we would like to resort to seeing clients face-to-face but there is no doubt Microsoft Teams appointments and posting out Smartcards has relieved the pressure on our RA service in the circumstances.
“Posting out Smartcards had been requested of us before the pandemic but never agreed, it just wasn’t something we would consider. But in the context of the pandemic, posting out a Smartcard was no greater risk than posting out a bank card.
“Going forward, I think a combination of face-to-face and Microsoft Teams appointments are a good compromise. In fact, Teams appointments, the potential option to self-register and removing the restriction of a face-to-face meeting provides us with an opportunity to overcome geographical restrictions of new Smartcard users having to meet with us in person, making it more of a viable proposition to provide services to organisations anywhere in the UK.”
The proliferation in remote working also proved a test of cyber security. Phishing, when criminals use scam emails, text messages or phone calls to trick victims, increased exponentially.
In one period of just two months, THIS’ host trust received 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the blocking of 1,432 malwares.
Helen McNae, THIS’ Data Protection Officer, says: “I think there are two reasons for this. Firstly, criminals know more people are working from home and the potential to catch them off-guard has increased. Second is the use of personal equipment being used at home to link into work, which people can do, but they might not have the same security inbuilt into their personal equipment.
“Our information security team can identify the IP addresses and the source of the emails. We are constantly blocking emails, websites and malware. We are constantly reminding our own teams and those of our clients to be more vigilant.”
Covid-19 has honed the skills of THIS’ IG team, which has drawn on its collective experience to provide the best possible service to internal and external customers and ultimately have a positive influence on patient care.
Helen McNae: “This success has been made possible by good communication, trusting our colleagues, changing the way in which we lead and rapid decision-making.
“We have embarked on a journey and have embraced new ways of working in Teams, across organisations and sectors, and this has been supported by rapidly deployed technology. The use of video conferencing has enabled us to collaborate with colleagues far and wide and cut down considerably on travel time, meetings overrunning and unnecessary bureaucracy. Agile/remote working, I believe, is here to stay.”
Click here to find out more about THIS’ RA and IG services. Its team of specialists is also available to discuss operational requirements and provide demonstrations. Get in touch here to see how THIS can help.