Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016
 

Londonwide LMCs' November 2018 newsletter (21 Nov 2018)

Read more »

Tips of the Month November 2018 (20 Nov 2018)

We provide weekly tips based on common queries which come through to us from London GPs and practice teams. These are shared via social media and collated for...
Read more »

Winter access examples sought (20 Nov 2018)

We are looking for examples to highlight how people can access appropriate care from GP practices, wider primary care and other community based services this winter, to feed into a public awareness...
Read more »

Check CCG data against practice data with regard to immunisation targets (20 Nov 2018)

Practices are advised to check data presented to them by CCGs with regard to levels of service provision, especially in relation to PMS/GMS premiums. In particular, CCG immunisation levels data...
Read more »

Calling all health care support workers (19 Nov 2018)

We are exploring the possibility of creating a health care support worker (HCSW) forum and would like to gauge the views of any health care support workers in practice teams...
Read more »

Keep us up to date so we can represent you (19 Nov 2018)

You should have received an email from us around midday on Friday 2 November with this subject line: “Keep informed by keeping us informed (SSE/NWL/NCNE)” This email contains our current...
Read more »

It’s Movember, and a timely reminder that men shouldn’t be shy! (19 Nov 2018)

The Movember campaign runs each November with the aim of improving awareness of men’s health issues. Dr Anil Shah, of Newham LMC, explains how best to encourage men to monitor...
Read more »

Viewpoint - London general practices can overcome challenges by working together (19 Nov 2018)

Dr Jonty Heaversedge is Medical Director for Primary Care and Digital Transformation (London Region) NHS England and a GP in Southwark. Here he explains why he believes “The Next Steps...
Read more »

New GDPR and DPA 2018 compliant consent form for releasing health records (19 Nov 2018)

The BMA and The Law Society have published a new version of the consent form used for releasing health records under the General Data Protection Regulation (GDPR) and Data...
Read more »

November 2018 premises update (19 Nov 2018)

This month's update includes our new premises support group and the fact we will be making contact with practices who are flagged to us as being in need of urgent...
Read more »
Next Page »
« Previous Page