National Data Guardian proposes new patient data safeguards

7 July 2016



New measures have been proposed to strengthen security of healthcare data and help people make informed choices about how their data is used.

The National Data Guardian’s report, Review of Data Security, Consent and Opt-Outs, outlines how the NHS can eliminate vulnerabilities in its IT systems.

In particular the report says, “CCGs should use an appropriate tool to identify vulnerabilities such as dormant accounts, default passwords and multiple logins from the same account”.

The NDG report also recommends an extensive dialogue with the public about how their healthcare information is used and the benefits of data sharing. 

The report highlights how little public awareness there is of how this information is used.

To facilitate awareness, the report recommends a new opt-out to make it clear to patients how their information can be used and when they can opt out of it being shared.

Research in the review found that people tend to support their information being used where they can see the benefit, but want to be given a choice.

The NDG report includes 10 new data security standards, such as ensuring “that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form”.

Furthermore, the report says: “All access to personal confidential data on IT systems can be attributed to individuals.”

Dame Fiona Caldicott, national data guardian, said: “My recommendations centre on trust. Building public trust for the use of health and care data means giving people confidence that their private information is kept secure and used in their interests.

“Citizens have a right to know how their data is safeguarded. They should be included in conversations about the potential benefits that responsible use of their information can bring.”

Jeremy Hunt, the Secretary of State for Health, commissioned two data reports last year, one from the CQC to review existing levels of data security across the NHS and the other from the National Data Guardian (NDG) to recommend new data security standards for health and social care.

The recommendations from the CQC report, Safe data, safe care, advise “strengthened” data security auditing in all health care settings, amounting to more stringent CQC IT system inspections.

It also recommends “clear ownership and responsibility for data security” to the standard of clinical and financial management and accountability.

The CQC also said in its list of recommendations that it would begin inspecting data security against “the new data security standards” set out in the NDG report.

David Behan, chief executive of the CQC, said: “The ability of NHS organisations to access and share patient information is crucial to the delivery of safe, effective care.

“But without robust processes, there’s a risk that information may be compromised, may not be accessible when it’s needed, or may not be kept confidential.”

He added: “CQC has set out six recommendations aimed at improving arrangements for protecting personal data, and assuring the new standards proposed by the National Data Guardian. These recommendations focus on three main themes that are fundamental to the secure handling of data: people, processes and technology.

“Ultimately, however, it is for NHS leaders to demonstrate clear ownership and responsibility for data security, just as they do for clinical and financial management and accountability.”
