Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016
 

Enrolling now for December 2018 cohort - Londonwide LMCs' Practice Manager Training Programme (05 Sep 2018)

 
Read more »

Your experience of digital health services (22 Aug 2018)

With increasing moves toward digital access and service provision in general practice, we want to gather information on the differing platforms and pilots offering online access, including whether and how...
Read more »

Londonwide LMCs' August 2018 newsletter (22 Aug 2018)

...
Read more »

Subject access request survey reports increased requests to half of practices (21 Aug 2018)

There are some interesting results coming from the current survey on subject access requests (SARs) received by practices that is has been designed by Dr Paul Cundy, a GP in...
Read more »

Doctors of the World Safer Surgeries toolkit (20 Aug 2018)

Doctors of the World (DOTW) has launched the Safe Surgeries toolkit, a single site to provide GP practices with resources helping them to better understand the regulations and best practice...
Read more »

Top tips for GP trainees (20 Aug 2018)

This month a new cohort of GP trainees take up their posts. We share some top tips from a current GP trainee and a GP trainer.  If you work in...
Read more »

Premises update August 2018 (20 Aug 2018)

This update is applicable to practices who are leasing their premises from Community Health Partnerships (CHP) or NHS Property Services (NHSPS). Urgent - Occupancy Agreement letters We are aware that...
Read more »

Blue badge applications – success in east London (17 Aug 2018)

After concerns raised by Waltham Forest LMC, the local council are now telling blue badge applicants not to contact their GP to support their application. The letter states: “Please note...
Read more »

Charging patients who fail to attend non-NHS medicals (17 Aug 2018)

GPs and practice staff often find it frustrating when a non-NHS medical (or other chargeable non-NHS work) has been booked, such as for a taxi licence, and the patient fails...
Read more »

GP Partnership Review (17 Aug 2018)

If you would like to provide feedback to the GP Partnership Review please send us your thoughts before 30 August: info@lmc.org.uk. On 30 July 2018 Dr Nigel Watson and...
Read more »
Next Page »
« Previous Page