trust and governance in health and social care
TRANSCRIPT
Trust and Governance in Health and Social CareProf William J BuchananTwitter: @billatnapierWeb: http://asecuritysite.comhttp://thecyberacademy.org
Changing face of health care
2
Barriers to Information Sharing
Records are
often static
Different
systems/
formatting
used for data
Limited/
difficult access
methods …
lack of trust
Lack of
integration
between health
and social
care
Lack of
integration with
carers, trusted
people and
families
Requirements
for 24/7 support
with real-time
response
Data often
aggregated
and context is
often lost
Strong demand
to consume
health/social
care data
Lack of
information
sharing across the
public sector
Poor access
control to data
Societal
Technical
Information Sharing
Risk Assessors
Health Care
Data
Social Care
Data
Education
Data
Police
Data
Child at
Risk
Records:
Child’s Action Plan
Risk Assessors:
Posted Concerns
Attendance Records
Health Problems
Crime Trace
Named Person
Trust Access to Action Plan
for the Required Time Limit
Health Care
Data
Social Care
Data
Education
Data
Police
Data
Strong Governance
Infrastructure
Health/
Social Care
Records:
Personal Health Record
Risk Assessors:
Frailty Index
Early Warning Score
Appointments Missed
Named Person (GP)
Possible Trust Access to parts of
the Electronic Health Record
Rights granted
Information Sharing
Human
TrustDigital
Trust
Identity
Rights Health/Social
Services
Strong
Governance
Education
Health Care
Police/Law
Enforcement
Social Care
Translation of rights
Translation of identities
Strong Governance Policy
Infinite
possiblities
Primary
Health Care
(role-based)
Secondary
Health Care
(role-based)
Assisted Living (Circle of
Trust)
Family might ask: Who are the
people responsible the action plan?
GP might ask: How often does the team
meet to discuss the child?
Social Care might ask: When is the
next formal review of the case?
Trust Model
Data source 1
Data source 2
Data source 3
Trusted Platform
Symphonic TrustProf William J BuchananTwitter: @billatnapierWeb: http://asecuritysite.comhttp://thecyberacademy.org
Translation Gateway
Governance PolicyHealth and Social Care
Domain
Governance
Policy
Translation
Gateway
Domain Ontology,
Roles, and Well-
managed Services
Exposed
Data elements
Law Enforcement
Domain
Domain
Ontology, Roles,
and Services
Exposed
Data elements
Human Readable Policy
defined for access
(based on role,
relationship and identity)
Roles
Federated Identity Attribute,
and Relationship
Management
[Unit]
[Dept]
Domain Ontology
Governance and Trust
Police/Law
EnforcementSocial Care
Governance Policy
Translation
Gateway
Governance and Trust
Police/Law
EnforcementSocial Care
Governance Policy
Translation
Gateway
Governance
model
Translator of roles,
services, and rights
Governance Policy
Translation
Gateway
Automated generation
Information
Sharing Policy
Document
Real-time
implementation
ENU e-Health Cloud Architecture
12
Service Claims
Policy Syntax
14
London Data SharingProf William J BuchananTwitter: @billatnapierWeb: http://asecuritysite.comhttp://thecyberacademy.org
London Digital Programme
• London Digital Programme – As part of Healthy London initiative, the Health and Social Care ecosystem in London is piloting new ways to provide a data sharing environment to allow the 7,000 diverse organisation involved in patient care to access patient records. Symphonic Software is delivering the key governance layer to this important programme to ensure that any data access meets with data controller agreements, which codify the inter-organisational rules for patient data access, and also allowing citizens to express their own data sharing preferences.
Scope
Ref: London Data Sharing Partnership, Mike Park
Dimensions of Integrated Care
Ref: London Data Sharing Partnership, Mike Park
Activated Citizen
Ref: London Data Sharing Partnership, Mike Park
Digital enabled care
Ref: London Data Sharing Partnership, Mike Park
London Data Sharing
London Digital Program
Ref: London Data Sharing Partnership, Mike Park
Sharing AgreementsProf William J BuchananTwitter: @billatnapierWeb: http://asecuritysite.comhttp://thecyberacademy.org
Background
• Five years academic research motivated by CaldicottReport
• Software to improve patient care through trusted data sharing:
• Across organisation & application boundaries
• Using trust-based access models
• Protecting patient information
• With built-in information governance
• Patient consent and preference
• Aligning IT and service delivery in data security
Common Authorisation Layer
Symphonic Trust:• Interoperability• Accelerated Service
Delivery• Holistic view• Dynamic Access
Management
Implementing Data Sharing
• Capture landscape• Who – “users” of the ecosystem• What – to-be-shared data and resources• Policies – Data Sharing Agreements
• Define Policies & Data Ownership• Organisation• Patient Consent
• Management Reporting• Rights• Usage• Policy Change
Define who has access
• Different domains• Different organisational structures• Capture End points and synchronisation
Define data and services
• Different domains• Different technologies• Define endpoints and access methods
Attribute as a service
• Resolve rules “on-the-fly”
Define identity providers
• Different identity providers• Define “trust”• Different provisioning policies
Define policy documents
• Relate IT access methods to business policy• Data Sharing Agreements
Store policies
• Centralise policy management
Define basic policy
• Business User driven (Data Controller)• API suite for policy management by user apps
Define advanced policy
• Capture advanced policy requirements• Time, Geo, device type, IP Address etc
Management Reporting
• Full set of management reports• User Entitlements
• Access reporting• Permits
• Denies
• Policy Changes
• Information “obligations” on access; SMS, email, etc
• Meets compliance and regulatory needs
• Aligned to Data Sharing Agreements
Trust and Governance in Health and Social CareProf William J BuchananTwitter: @billatnapierWeb: http://asecuritysite.comhttp://thecyberacademy.org