NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
Time Exhibitor Room
11.00 – 11.30
Metacompliance - Policy Enforcement Management
Herschel
Egress Switch – Secure Communication Voisey
Meeting requirement 206 with Fairwarning and Customer
Lethaby
13.30 – 14.00
Imprivata – Enabling Healthcare Securely Voysey
Mastek – Pseudonymisation that works Lethaby
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E
NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
Neil Churchill
Housekeeping• Toilets – signposted and on (almost) every
floor• Fire: continuous ringing – follow signs
– Test at 13.00– Assemble
• Tea, coffee and lunch in exhibition area– Three queues – staggered if possible
• Mobile phones off or silent• Moving between rooms: quickly and when
here using both staircases
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E
No free lunch
Leeds – Birmingham - London
This event is made possible through our exhibitors and sponsors
Demonstrations and Q&A will be taking place throughout the day
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
Time Exhibitor Room
11.00 – 11.30
Metacompliance - Policy Enforcement Management
Herschel
Egress Switch – Secure Communication Voysey
Meeting requirement 206 with Fairwarning and Customer
Lethaby
13.30 – 14.00
Imprivata – Enabling Healthcare Securely Voysey
Mastek – Pseudonymisation that works Lethaby
Breakouts
• Stream 1: Commissioners and Transition – in here
• Stream 2: Consultation – Herschel• Stream 3: Information Risk –Voysey• Stream 4: Information Strategy &
Governance – Lethaby
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Programme Changes
• Stream 1: Commissioning and Transition– Deborah Terry – Transition Guidance– David Evans – 12.00– Clare Sanderson – 12.30
• Advisory Clinic – Lethaby– Q&A
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Networking
• Drinks in courtyard at 16.30pm• Pub: Lord John Russell
– Opposite Brunswick centre (down road opposite)
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Today’s workshop – setting the scene
• Strategic themes• Preparing for the ‘new world’• How to do ‘more for less’• Moving towards solutions• Challenging current thinking• Q&A –Expert Panel
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Today’s workshop - housekeeping
• Q&A Panel – place your question at registration
• Break out sessions• Speed dating – time limited
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Context: Changing health & social care landscape
• Health & Social Care Act 2012• Move from central to local• Integration • New organisational structures• Patient / citizen centred e.g. access to records• No decision about me without me• Increased competition
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Health and Social Care Act 2012 Key considerations
• Changes to the legal bases for information processing • IG roles and responsibilities of organisations in the new landscape• Provision for the NHS Information Centre to request confidential patient information from health and social care bodies
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Health and Social Care Act 2012Key considerations• Balance between Confidentiality and Information Sharing - risks and issues• Impact of Organisational Change - risks and issues• Regulation in the ‘new world’• National bodies need to consider whether identifiable
information is really needed - Privacy Impact Assessments
• Concerns have been raised over interim IG arrangements – NIGB transition guidance (November 2011)
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Context: Changing Information Governance landscape
• Future model development – IG Operating Model
• IG Review on behalf of the Secretary of State• Organisational changes – need to ensure
system wide consistency• IG Levers
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Moving forward: IG levers
• Contract Terms with providers and the oversight management and enforcement of contractual provisions•Information Standards to the extent they are applicable to information governance but they have the benefit of being health and social care system wide•CQC registration criteria – currently limited scope in relation to enforcement - future role for NIGC?•Legal enforcement through the Information Commissioner’s Office in relation to the Data Protection Act 1998
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Future model - practicalities (1)
•Culture & context – paper records will continue; technology needs to be user friendly – otherwise people will find way to circumvent controls!•Storage and retention issues become different in electronic environment – both paper and electronic health records need to be effectively managed•Understanding the importance of IG•Shared electronic records – will become the norm, with challenges in relation to data controllership, maintaining data quality and the integrity of the record (Royal College of General Practitioners Guidance)
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Future model - practicalities (2)• Managing and sharing patient and service user
identifiable information for secondary uses – challenges of implementing individual’s wishes
• Pressure to make efficiencies through increased use of electronic communication – how to ensure IG adequate and difficulties of doing so in a resource constrained environment
• Online patient access can reduce patient demands and increase satisfaction
• Telemedicine – useful for some groups / locations• Increased risk from more people with access but also
harm from not sharing
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Future model – assurance and controls
• Managing robust access controls where multiple agencies staff need access understanding that “sharing” is “disclosure”• Sharing across health & social care – consent and appropriate controls in place to ensure patient / citizen interests are protected• Collaboration & engagement• Strong IG standards - need to be embedded • Use of the Care Record Guarantee – uptake of organisations in health & social care has been varied – future of the CRG?
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
Future model –enabling patient access to their records•Clinician willingness•Information about other individuals or provided by other individuals in the record•Handling seriously harmful information and when to consider that the potential for serious harm has passed •What patients value most is the transactional aspects – booking appointments, requesting repeat prescriptions, getting test results, messaging the GP. • Important to do this in a stepped way, perhaps starting with the transactional aspects
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E
NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
#NIGB#HSCIG
Information Governance Review
Karen Thomson
IG Review - Scope
• Terms of Reference on website• Full scope still to be finalised – focus has been on
evidence gathering• Key issue to address concerns Consent and
ensuring that all activities have a secure basis in law
• IG in the new landscape – how to have effective internal and system wide IG
• Specific cross-sector IG issues affecting individuals and organisations
IG Review - Membership
• Panel – 15 members in total• Process of selection – key areas were
identified and then relevant organisations were approached for suggestions
• Members appointed in their own right not as representatives
• Monthly meetings• Additional evidence gathering sessions
• when is explicit consent needed?• what is needed for valid implied consent?• are there activities that need a secure legal
basis but for which consent is not appropriate or feasible?
• If so, how should they be supported?• the consent process – how to seek consent and
what to record• implementation through technical architecture
Consent and lawful processing
IG Review Process
• Timetable: intention to feed into NHS Constitution consultation for October
• Autumn 2012: interim report and then final report
• Earl y 2013: final report
Evidence gathering themes• direct care, including
sharing across H & SC and with independent sector
• Commissioning• Public Health• LA / Adult, Children and
Family Social care uses including safeguarding
• Research• Consent
• Linkage and identifiability• Patient and Public rights
in law – EU Regulation and what services need to tell people
• Workforce education, training and regulation
• Issues related to genetic and genome information
• Issues related to new and emerging technologies
Next steps
• Careful thought to working out the practicalities of change
• Collaboration & partnership• Future approach to IG needs to promote
excellence in health and social care • Consistency of approach across health and
social care, research and public health
How you can be involved
• Happy to receive written submissions by email (or post)
Website in development: www.Caldicott2.dh.gov.uk
Contact: [email protected] - 020 7972 3734
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E
NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
#NIGB #HSCIG
The role of the Information Commissioner’s
Office
•David Evans, Senior Policy Officer
• The Information Commissioner’s Office is the UK’s independent authority set up to
uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals
What the Information Commissioner isresponsible for
• Data Protection Act• Freedom of Information Act• Privacy and Electronic Communications Regulations• Environmental Information Regulations• INSPIRE (Infrastructure for Spatial Information in the
European Community) Regulations
The role of the Information Commissioner
• “It shall be the duty of the Commissioner to promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act to promote the observance of the requirements of this Act by data controllers.” S 51 (1) DPA
• “It shall be the duty of the Commissioner to promote the following of good practice by public authorities and, in particular, so to perform his functions under this Act as to promote observance of
a) the requirements of this Act, andb) the provisions of the codes of practice under sections 45 and 46.”• S 47 (1) FOIA
What do we do
• Educate• Decide• Enforce• Prosecute
Prosecutions• Former health worker guilty of unlawfully
obtaining patient information by accessing the medical records of 5 members of her ex-husband’s family in order to obtain their new telephone numbers - £500 fine & £1,000 costs
• Receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about her medication found guilty – 2 yr conditional discharge & over £600 costs
Is it enough?• Former gambling industry worker who unlawfully obtained and sold
personal data relating to over 65,000 online bingo players guilty of committing three offences – 3yr conditional discharge, £1,700 compensation & over £800 costs.
• Bank cashier illegally accessed the personal details of a sex attack victim. The cashier’s husband had been convicted of carrying out the attack and was jailed - £800 fine & £400 costs.
• A personal injury claims company employee guilty of illegally obtaining NHS patients’ information over a four month period - £1,050 fine & £1,160 costs.
One that didn’t get away• June 2011 - two former employees of UK mobile
operator T-Mobile who illegally stole and sold select customer data from the company in 2008 ordered to pay a total of £73,700 in fines and confiscation costs or serve prison sentences by default.
By January 2012 – paid up in full!
• Carried out under the Proceeds of Crime Act and the ICO gets a proportion of this to use for the prevention and detection of crime
Enforcement• Feb 2012 – Staffordshire County Council –
“failed subject access”.• Dec 2011 – Powys County Council –
Enforcement and Civil Monetary Penalty.- CMP – data breach - Enforcement – to compel training to
ensure no repeat of the data breach• Undertakings – committing an organisation to a
particular course of action in order to improve its compliance
Decisions• Freedom of Information
• Dept of Health’s transition risk registers• Cost of the swine flu vaccination programme• Copies of papers from the “closed” sessions of
the meetings of a Foundation Trust board• Compelling the CQC to provide “advice and
assistance” to an FOI requestor• MP’s expenses
Educate
• Codes of Practice • Guidance• Audits• Work with stakeholders• Advice
- telephone helpline- respond to written enquiries- suggest how to deal with issues that
are identified through case work
Codes of Practice
• CCTV Code of Practice (2008)• Assessment Notices Code of Practice
(2010)• Data Sharing Code of Practice (2011)• Employment Code of Practice (revised
2011)• Personal Information Code of Practice
(2010)• Privacy Notices Code of Practice (2010)• Anonymisation Code of Practice –
currently under consultation
Guidance - DP
• The Guide to Data Protection• Guide to ICO data protection audits• Identifying data controllers and data
processors• Training checklist for small and medium
size organisations• Monetary penalties – statutory guidance• Privacy be design
- Privacy impact assessments- Privacy enhancing technologies
• Subject access to health records by members of the public
Guidance - FOI
• The Guide to Freedom of Information• When is information caught by the FOI Act• Access to information about public
authority employees• Access to information about the deceased• Destruction of requested information• Detailed guidance on individual
exemptions• Freedom of information and research• The prejudice test• The public interest test• Publication schemes• Request handling• Vexatious requests
Contact us
• Helpline - 0303 123 1113 or 01625 545745• Textphone and translation service - 01625
545860• Website - http://www.ico.gov.uk/ and
[email protected]• Advice about the law -
[email protected]• Notification queries -
• www.twitter.com/iconews
Keep in touchSubscribe to our e-newsletter at www.ico.gov.uk
or find us on…
NIGBN
ATIO
NA
L IN
FOR
MAT
ION
GO
VER
NA
NC
E B
OA
RD
FO
R H
EALT
H A
ND
SO
CIA
L C
AR
E NIGB IG Collaborative Workshops
The Reality of Delivering the Information Revolution
Leeds – Birmingham - London
Time Exhibitor Room
11.00 – 11.30
Metacompliance - Policy Enforcement Management
Herschel
Egress Switch – Secure Communication Voysey
Meeting requirement 206 with Fairwarning and Customer
Lethaby
13.30 – 14.00
Imprivata – Enabling Healthcare Securely Voysey
Mastek – Pseudonymisation that works Lethaby