Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016

 

Premises update January 2019 (23 Jan 2019)

Our main update this month concerns Rent Agreement Letters. The rest of this item re-iterates advice provided in previous premises updates, which remains relevant to practices in NHS Property Services...
Read more »

Final pay control for 1995 pension scheme (23 Jan 2019)

The government introduced an employer's charge for pensionable salaried pay rises which are over the allowable amount, for employees who are members of the 1995 pension scheme.  We are aware...
Read more »

Practices instructed to begin ordering licensed flu vaccines for next winter (23 Jan 2019)

In November NHS England, Public Health England and the Department of Health and Social Care wrote to practices instructing them to begin ordering currently licensed flu vaccines. In January NHS...
Read more »

GP Partnership Review recommendations published (23 Jan 2019)

Throughout it’s recommendations the Review’s findings broadly support the investment in workforce and other central planks of NHS England policy. We have summarised the recommendations which fall outside existing policy....
Read more »

Tips of the month January 2019 (22 Jan 2019)

We provide weekly tips based on common queries which come through to us from London GPs and practice teams. These are shared via social media and collated for...
Read more »

Tackling loneliness and social isolation this Christmas (19 Dec 2018)

This time of year can see the problems loneliness and isolation at their worst for many people, the consequences of which are often seen in GP consultations. Zaidee O’Dell, Compassionate Neighbours London...
Read more »

NHS England Practice Manager Development Coaching and Mentoring Support – expression of interest (19 Dec 2018)

NHS England has commissioned ‘Beyond Coaching’ to provide coaching and mentoring support to practice managers who are playing a key role in supporting practices experiencing challenges, assisting change/improvement in general...
Read more »

GP representation required on the Independent Group Advising on the Release of Data (IGARD) (18 Dec 2018)

NHS Digital is recruiting specialist members to join IGARD, an independent group that considers applications for health and care data.  IGARD advice ensures compliance with the relevant law and ethical...
Read more »

Ipsos Mori interim report on the independent evaluation of Babylon GP at Hand (18 Dec 2018)

The interim report of Ipsos Mori’s independent evaluation of Babylon GP at Hand mostly covers the methodology and data sources which the evaluation will use. It does not provide any...
Read more »
Next Page »
« Previous Page