Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016
 

Mword - Issue 26 - December 2015 now available (22 Dec 2015)

  22 December 2015 Christmas 2015 edition  Dear Colleague, Christmas is upon us, and trying not to sound...
Read more »

Data protection and your practice - responsibilities and risks workshop for GPs and Practice Staff - February 2016 (14 Dec 2015)

Read more »

Nursing and Midwifery Council registration fee (10 Dec 2015)

In November Nursing and Midwifery Council registration rukes changed. It is now the case that practice nurses who have not paid their 2015 registration renewal fee and submitted their renewal...
Read more »

LMC Special Crisis Conference (10 Dec 2015)

As you will have seen from Michelle’s M Word 24 and M Word 25 and other communications The General Practitioners Committee (GPC) of the BMA has voted for a Special...
Read more »

Londonwide LMCs' December 2015 Newsletter now available (10 Dec 2015)

Read more »

Flu guidance update - December 2015 (10 Dec 2015)

Our updated flu guidance can be read here. The latest Department of Health London seasonal influenza bulletin can be read here. Details of our Buying Group's new flu vaccine suppliers...
Read more »

Display Energy Certificate (DEC) - change in requirements (09 Dec 2015)

The Energy Performance of Buildings Regulations 2012 requires Display Energy Certificates (DEC) in public buildings. It covers buildings where the total useful floor area of the building exceeds 250...
Read more »

Buying Group - December 2015 update (09 Dec 2015)

New supplier – Flu vaccine The LMC Buying Group has concluded negotiations with flu vaccine companies for the 2016/17 season and can now announce the joint first preferred suppliers...
Read more »

Courses and training events round-up (09 Dec 2015)

We have recently run the following events and courses to support GP practice staff in meeting the challenges of working in modern general practice. Effective Medical Chaperoning This course was...
Read more »

Avoiding Unplanned Admissions update (09 Dec 2015)

Submitting data for the Avoiding Unplanned Admissions Directed Enhanced Service (DES) The following information has been recieved from NHS England. CQRS (Calculating Quality Reporting Service (CQRS)) has informed NHS England...
Read more »
Next Page »
« Previous Page