Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016
 

Future GP workforce plans for London (19 Sep 2017)

The Mayor of London, Sadiq Khan commissioned The King’s Fund and Nuffield Trust to undertake an independent analysis of sustainability and transformation plans (STP) in London.   The full 98...
Read more »

BMA Ballot (19 Sep 2017)

GP leaders are to use a BMA survey, revealing more than half of practices are willing to close lists to new patients due to workload pressure, to push the Government to...
Read more »

Cyber Essentials (19 Sep 2017)

Cyber Essentials is a government and industry supported scheme to help organisations protect themselves against common cyber-attacks. The award of a Cyber Essentials certificate to Londonwide LMCs should assure you...
Read more »

Website review survey (19 Sep 2017)

We know how important a good website is in communicating with our GPs and practice teams. As our current site has been around for some time we would like your...
Read more »

Practice Managers’ Blended Learning Programme (19 Sep 2017)

Londonwide LMCs are delighted to be launching a brand new blended learning programme for general practice managers at the Practice Manager Conference taking place this November.  The innovative course, which...
Read more »

Extended access data collection now open (19 Sep 2017)

As NHS England will have informed you recently, the third bi-annual extended access collection is now open for submission until the end of Friday 29 September 2017. As set out...
Read more »

MDO reimbursement (indemnity) (19 Sep 2017)

Londonwide LMCs Guidance for Sessional GPs and Indemnity Reimbursements from NHS England As part of the...
Read more »

Electronic Referral System: help or hindrance? (19 Sep 2017)

First, we had choose and book, now this has morphed into electronic referral system (eRS).  This is a system that is being pushed by NHSE as part of the digital...
Read more »

Updated statement for practices using TPP SystmOne (19 Sep 2017)

Following detailed discussions between the ICO, TPP, NHS Digital and NHS England, TPP has now identified some changes which are intended to address the ICO’s concerns about the fair and...
Read more »

Primary care working at scale Master Classes in September (24 Aug 2017)

There are a series of Master Classes throughout September which will support GP providers in their journey and development as Working at Scale organisations. The events have been organised...
Read more »
Next Page »
« Previous Page