information governance jym bates head of information assurance
Post on 25-Dec-2015

Information Governance
Jym Bates
Head of Information Assurance

What Is Information Governance?
Data Protection
Freedom Of Information
Information Security

Relevant Policies
Data Protection Act 1998 (and subsequent Special Information Notices)
Human Rights Act 1998
Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998)
Computer Misuse Act 1990
Copyright, Designs and Patents Act 1988 (as amended by the Copyright (Computer Programs) Regulations 1992)
Crime & Disorder Act 1998
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000 (& Lawful Business Practice Regulations 2000)
Freedom of Information Act 2000
Gender Recognition Act 2004

Email
Ownership of emails
Addressing emails
Personal emails
Freedom of information
Attachments
Spam
• Why it occurs
• Actions to take

Internet Use
Personal access
• Out of working hours
Monitoring - Disciplinary Action
Not to be viewed
• Adult/Sexually explicit topic
• Hacking
• Alcohol & Tobacco
• Spyware
• Intolerance & Hate
• Criminal Activity
• Gambling
• Personals & Dating
• Tasteless & Offensive
• Glamour & Intimate Apparel
• Illegal Drugs
• Violence
• Weapons
• Streaming Media Downloads
• Chat

Data Protection Act
Security of Person Identifiable Information (PII)
Confidentiality
Storage
Transfer

Principles of the Data Protection Act
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Not transferred to other countries without adequate protection

Confidentiality
Security risks
• Not following the clear desk policy
• Not logging off a PC when it is not being used
• Talk e.g. the canteen
• Telephone conversations e.g. open ward
• Patients seeing their own notes

Storage of PII - Electronic
PII must not be stored on:
• Unencrypted laptops
• Non Biometric USB memory sticks
• CDROM / DVD unless encrypted
• External hard drives unless encrypted
• Any home PC
• Any PC not on central storage

Storage of PII - Paper
Medical notes must be held in Medical Records, in a locked office or in a locked notes trolley
Any PII should always be locked in a filing cabinet or desk drawer unless it is in a secure office

Transfer of PII – Electronic
Whenever possible PII should not be transferred
Email should not be used unless it is encrypted
PII should only be uploaded to secure web sites
For support please contact ISC Help Desk

Transfer of PII – Paper / Letters
Whenever possible PII should not be transferred
Ensure that the correct information is being sent to the correct person
Any letters containing PII should be clearly addressed ‘Private & Confidential’ and only this & the contact details should be visible
Requests for tests etc must always be sealed in an envelope
Use of Fax Machines should be discouraged

Transfer of PII – Medical Notes
The location of medical records should always be entered on the PAS tracking system
Medical records must always be sealed in an envelope
Staff should not ferry casenotes to other locations in their cars

Viruses
A virus is malicious code that can affect an individual PC or an entire network
The Trust has a comprehensive virus scanning and damage control system that starts up when a PC is turned on
Major sources are:
• Unsolicited emails
• Unlicensed software

Passwords
You must never let anyone use the password to your PC or any software you use
Do not keep lists of your passwords
Regularly change your password
Passwords must contain at least one number, one lowercase letter and one uppercase letter.

Unlicensed Software
The only software allowed on Trust PCs is the systems purchased by the Trust
You are not allowed to load any software onto a Trust PC
Please contact ISC Help Desk if you require a programme for your work

PII and Audit / Research
Always review the need for PII. Could you just use an allocated patient identifier?
• The NHS number with no further PII is acceptable
Do not pull off PII from a system unless you are allowed to do so.
• Requests for reports should go through ISC Help Desk or individual Business Information Specialists

Guidance
Check the Trust’s Information Governance Policies on Synapse in
Email
• InformationSecurity&xxxxxxxxxxxxxx@xxxx.xxx.xx
Telephone
• (0161 20) 62601