Welcome Guest | Login | Register | Why Register? |
Newsletter RSS Twitter
13 March 2010 | 18:56 GMT

E-Health-Insider E-Health Europe E-Health Jobs (UK only) E-Health Insider Events
HOME | CONTACT | NEWS | DOCUMENT LIBRARY | FEATURES | OPINION & ANALYSIS | EVENTS | RESEARCH REPORTS | CASE STUDIES

Nicholson highlights GP data risks

Tags: Choice   Contract   GP   GPs   Information Commissioner   Information Governance   NHSmail   PCTs   Security  

30 Sep 2008

The Information Commissioner has identified GPs as a data security risk, according to David Nicholson, chief executive of the NHS.

Nicholson has written to NHS chief executives, asking them to check that their organisations are encrypting removable data and re-emphasising that information risk management should be high on their agendas.

In the letter, Nicholson also says that Information Commissioner Richard Thomas has identified a risk relating to “the dispersed nature of GPs and their independent status.”

The letter adds: “Each practice is legally responsible for holding data securely and we are looking at the national contract and considering how best to secure compliance with standards through contractual means in the future.”

In the meantime, he says primary care trusts should be reminded to conduct a risk assessment on the transport of patient identifiable data.

He adds that NHS Connecting for Health has negotiated “significant reductions on licence and installation prices” for back up tape encryption services under the GP Systems of Choice framework. PCTs are asked to order such services by the end of September so that a deadline can be set for installation across all PCTs.

Nicholson sets out a series of other steps PCTs should take to ensure data security at GP practices including:

• ensuring all practices sign a statement of compliance for key security requirements

• ensuring all practice use the NHS information Governance Toolkit

• making sure all practices are aware of the availibility of free encryption software for removable data

• encouraging all practices to move to NHSmail and making practices area of the N3 network and Gpo2Go for the transfer of data.

Survey: E-Health Insider has launched a survey on the security of mobile devices.

The survey, sponsored by Credant, explores whether NHS organisations have revised their security policies following recent security breaches and what action they are taking to support or enforce them. 

It also seeks to assess awareness of policies and whether people are continuing to carry unsecured, sensitive information on mobile devices in spite of them. 

"Data security is at the top of people's to do lists at the moment, as David Nicholson's letter demonstrates," said EHI editor Jon Hoeksma.

"However, the issues are complicated and have at least as much to do with staff behaviour as technology. This makes this survey very timely."

 

To participate in the Survey on Mobile Device Security, click below:

http://www.zoomerang.com/Survey/?p=WEB228AJSK6Q3C

 

 

Fiona Barr

© 2008 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments
Add a comment
Reader's Comments

1

Dispersed nature IMPROVES the risk

gerard@careprovider.com

30 Sep 08 22:09

David Nicholson says he has identified a risk relating to “the dispersed nature of GPs and their independent status.”

Those are the very things that make GPs the lower risk in the national scheme of things. Data is held on different clinical systems on differing servers within their practices. Each practice may take different security steps. Knowing how one surgery secures itself, and its clinical syastem will not help a criminal at another.

GPs are also subject to GMC professional ethics and sanctions, which helps to make sure GPs take extra care. GPs carry the can for their employees as well. Non-professionals and PCT chief executives do not have their livelihood at stake in the same way.

If there is a practice failure, then it affects a small number of patients. Alas, failures at PCTs, SHA, and the CFH have far more catastrophic results affecting patients across many surgeries or the UK.

GPs of course should not be putting things on their USB sticks, and if they do use Truecypt... free and approved. But then N3 tokens are cheap so one can connect securely from home or nursing home to the surgery system...there is no need to carry data.

Keep data in surgeries. Putting all together in one lump is the risk.

2

GP data risks

03 Oct 08 15:10

"Keep data in surgeries. Putting all together in one lump is the risk." and the evidence for that is ....... ??? The common feature of recent high publicity data losses in public sectors was that data was taken out of secure systems and placed onto non-secure portable storage media (whether DVD, USB or laptop). More disparate systems increase the chance of data being handled in this way.

3

"Keep Data In Surgeries"

grant.forrest@nhs.net

04 Oct 08 12:10

Was this comment made with tongue firmly in cheek ? What about this Brave New World of information sharing, accurate and contemporaneous summary medical history wherever and whenever it's needed ? If the view of the GPs is that it's far too risky to let any of their precious primary care data out of the door of the surgery then there is little hope for C4H. I'd like to see the Information Governance people talking about the benfits of proper role-based access control to health information that is kept in large, locked buildings with nightly back-up, on servers with resilience and redundancy technologies in place, and perhaps encryption to boot for the really sensitive stuff.

Search
News Features Jobs Newsletters

Past: 24 hrs|7 days|Month

Featured_recruiters
Featured_recruiters
About Us | Advertise | Privacy Policy | Terms & Conditions | RSS Feed
E-Health Insider Primary Care is managed and maintained by E-Health-Media.com ©2010 E-Health-Media Limited.