The Evolution of NHS Scotland into a World-Class Healthcare Provider

Similar documents
View the Replay on YouTube. The ICO s take on Information Sharing in the NHS. FairWarning Ready Executive Webinar Series 27 June 2013

NHS financial performance 2012/13

Scottish Diabetes Survey Scottish Diabetes Survey Monitoring Group

Child and Adolescent Mental Health Services Waiting Times in Scotland

Review of Residential Drug Detoxification and Rehabilitation Services in Scotland.

Child and Adolescent Mental Health Services Waiting Times in Scotland

Remote access to GP. Dr Paul Miller SCIMP

Accident and Emergency. Performance update

NHS HDL (2003) 49 abcdefghijklm. Health Department Directorate of Performance Management & Finance

certificate in corporate governance

NHSScotland Complaints Statistics 2014/15

Health Care Needs Assessment of Services for Adults with Rheumatoid Arthritis

TITLE PAGE. Title: Determining Nursing Staffing Levels for Stroke Beds in Scotland. Authors: Scottish Stroke Nurses Forum:

Delivery of ehealth Strategy Annual Review

DATA HANDLING IN GOVERNMENT JUNE 2008

Home Safe Home. Report on Home Accidents in Scotland. Art work courtesy of North Lanarkshire Council

HIV Therapy Key Clinical Indicator (KCI)

Management of patients on NHS waiting lists. Audit update

NHS SCOTLAND PERSONAL HEALTH RECORDS MANAGEMENT POLICY FOR NHS BOARDS

Statistical Bulletin

Key messages. Asset management in the NHS in Scotland

Management of patients on NHS waiting lists

Application for Police Officer

improve Listening and Learning welcome support connect apologise talk

Community planning. Turning ambition into action

Scottish Diabetes Survey Scottish Diabetes Survey Monitoring Group

Transport for health and social care

SQA s support for colleges during regionalisation

Accessing Personal Information on Patients and Staff:

Diagnostic Waiting Times

Drug and alcohol services in Scotland

GH/B&B sample sizes 2014

NHS in Scotland 2015 Prepared by Audit Scotland

Review of housing benefit overpayments 2008/09 to 2011/12

Consultation on revised draft Indicative Sanctions Guidance List of parties consulted (*denotes those who have responded)

Online publication date: 15 March 2010

NHS Efficiency and Productivity Programme/ National Benchmarking Programme

Asset management in the NHS in Scotland

NHSScotland Staff Survey National Report

Professional Advice, Guidance and Support. NHSScotland National Cleaning Compliance Report

A review of telehealth in Scotland

Code of Practice for Social Service Workers. and. Code of Practice for Employers of Social Service Workers

International Carers Conference Carer Positive. Supporting working carers in Scotland. Sue McLintock Senior Policy Officer, Carers Scotland

Leadership and management for all doctors

Continued upgrades to the Patient Transport Service

EFFICIENT GOVERNMENT FUND

NHSScotland Staff Survey National Report

help with health costs?

Section 2: Analysis of the LSA annual reports to the NMC...18

Scottish Inpatient Patient Experience Survey 2014 Volume 1: National Results

How can we make a difference? Annual Conference 2009

Examining Access: Survey of GP practices in Scotland

The Sharing Intelligence for Health & Care Group Inaugural report

NHS Scotland Accident and Emergency Waiting Times

ehealth Architecture Principles

Auditor certification of the 2014/15 criminal justice social work services financial returns. Technical guidance note GN/CJS/15

SCOTTISH TECHNOLOGY INDUSTRY SURVEY _ 2015

Information for registrants. What happens if a concern is raised about me?

SurvivorScotland and Talking Mats: Supporting people with learning disability to disclose issues of concern

Raising and escalating concerns. Guidance for nurses and midwives

IVF Waiting Times in Scotland

Injecting Equipment Provision in Scotland Survey 2013/14

Course Brochure From the UK s leading e-learning provider. Providing specialist online training to the healthcare sector

Recovering Your Identity. Advice for victims of identity crime

Delivering Quality in Primary Care National Action Plan. implementing the Healthcare Quality Strategy for NHSScotland

Supply chain analysis of remote rural and island areas Executive summary

2007 No. LOCAL GOVERNMENT. The Local Government Finance (Scotland) Order 2007

The Centre for International Public Health Policy

Borrowing and treasury management in councils

Personally Controlled Electronic Health Record System: Legislation Issues Paper

2014 POLICE STAFF STRESS SURVEY REPORT

Codes Of Practice. For Social Care Workers. Web and print-friendly version

How to complain about a doctor

Scottish Diabetes Survey

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

Complaints. against nurses and midwives. Record keeping. Guidance for nurses and midwives. Helping you support patients and the public

Shredding. Security. Recycling

Public Records (Scotland) Act Fife NHS Board Assessment Report. The Keeper of the Records of Scotland. 27 September 2013.

Guidance on professional conduct. For nursing and midwifery students

Local Government Self-evaluation arrangements 2011/12

Social Enterprise Mapping Study

In some cases, whistleblowers may bring a case before an employment tribunal, which can award compensation.

SECTION H: FRAMEWORK OF GOVERNANCE: SOUTH EAST AND TAYSIDE (SEAT) REGIONAL PLANNING GROUP

Competitive tendering in the Scottish National Health Service Was it compulsory, and did it make a difference?(*)

JOINT DIRECTOR OF PUBLIC HEALTH JOB DESCRIPTION

Data Protection Act. Conducting privacy impact assessments code of practice

Appendix 10: Improving the customer experience

Qualification Information Profiles (QIPs) for Access to HE Diploma and Scottish Wider Access Programme (SWAP)

Services for children and young people in North Ayrshire 28 October Report of a pilot joint inspection

Crime and Justice. Service Evaluation of Scotland s National Take-Home Naloxone Programme

NSPCC s Share Aware Teaching Guidance

incommmsec Whitepaper: Increasing role of employee monitoring within public and private sector organisations.

(Other psychology careers are available ) Dr. Jill Cossar Clinical Psychologist/ Lecturer in Clinical Psychology

1. Understanding Big Data

Frequently Asked Questions on new guidance for in NHSScotland

WELCOME TO FULL COVER AND DAMAGE COVER - MOBILE PHONE AND TABLET INSURANCE FOR LARGE BUSINESS

Overview of mental health services

Superfast broadband for Scotland. A progress report

How to complain about a doctor. England

How to revalidate with the NMC Requirements for renewing your registration

Transcription:

View the Replay on YouTube The Evolution of NHS Scotland into a World-Class Healthcare Provider FairWarning Executive Webinar Series 15 May 2013

Today s Panel Dr. Daniel Beaumont Information Assurance Lead Scottish Government (Health) Daniel.Beaumont@scotland.gsi.gov.uk Ian Merritt Information Governance Lead NHS Borders Ian.Merritt@borders.scot.nhs.uk Tim Dunn Executive Vice President FairWarning Software Limited Tim.Dunn@FairWarning.com

A New Era for Healthcare in the United Kingdom

Major Change in Healthcare Markets: In UK and Internationally The Patient has more power - where they go for treatment, who can see their records Commercial viability and competitive strength are a reality for federal run healthcare systems, as well as private sector markets Fraud is becoming a major global concern and healthcare is seen as an easy target Electronic (paperless?) records are critical to effective 21 st century healthcare Regulation, audits and penalties are increasing at a UK, European and International level

What s Next for the NHS? Is the NHS ready to become best in class globally for Health Service Delivery? How can the NHS offer patients an integrated National Service? What is the current state in NHS and what needs to happen next to meet the challenges and opportunities? What role will Information Governance play in the evolution of the NHS (and where should it sit in the priorities)? What impact will Caldicott 2 and the Francis Report have on Information Governance teams?

Using privacy breach detection tools as part of an Information Assurance Strategy: Case study of NHS Scotland and FairWarning Dr. Daniel Beaumont Information Assurance Lead, Scottish Government (Health) Ian Merritt (Information Governance Lead, NHS Borders)

What is NHS Scotland? National Health Service (NHS) one of the most recognisable brands and UK citizens can avail of it wherever they are BUT health is a devolved area and there are now many differences in how health is funded and organised in the four parts of UK Overall policies on confidentiality are broadly the same, but there are differences in how England, Northern Ireland, Scotland and Wales approach improving standards in confidentiality NHS Scotland has 22 health boards (14 in territorial areas) 165,000 employees and 5 million+ patients in Scotland

NHS Scotland ehealth Strategy 1) To maximise efficient working practices, minimise wasteful variation, bring about measurable savings and ensure value for money 2) To support people to communicate with the NHS Scotland, manage their own health and wellbeing, and to become more active participants in the care and services they receive 3) To contribute to care integration and to support people with long term conditions 4) To enhance the availability of appropriate information for healthcare workers and the tools to use and communicate that information effectively to improve quality 5) To improve the safety of people taking medicines and their effective use 6) To provide clinical and other local managers across the health and social care spectrum with the timely management information they need to inform their decisions on service quality, performance and delivery

Information assurance strategy In order to explain why we invested in FairWarning it is worth giving background on overall information assurance strategy: Trust is a massive building block in health care, and once lost, is difficult to recover Without trust, there is less ability to do data sharing between organisations and more ambitious things in ehealth ( if you misuse my data in the hospital then why should I consent to online access etc. ) Do need to make clearer to patients that in modern healthcare there are a very large number of participants (medical and administrative) who have a legitimate need to access

What is legitimate access? NHS Scotland policy on what constitutes legitimate access: one can see these a bit like ten spokes on a wheel.

So how much access is inappropriate? NHS has poor press regarding handling personal data Staff fully aware of Internet monitoring, but still perceive that other IT access is not checked Common view: the system allows me to see the data; so surely I can therefore chose to access anything on it. This can easily lead to complacency and despair: culture is so bad; genie is out the bottle, nothing can be done to get people to respect confidentiality in the workplace.

Ignoring...is accepting defeat There are three reasons why we cannot simply park this issue: 1) Issue is just too important (Hippocratic Oath) and confidentiality and trust are key building blocks of health care 2) Examples in other sectors where there was similar problem and has been markedly improved (e.g. police national databases) 3) Vast majority of NHS staff are honest and trustworthy and it is they who want us to crack down on the minority who misuse data

What types of control would not work? Relying totally on guidance and training and no technology [this would be too complacent; given what we know about scale of problem] Other extreme, relying on technology with strict locked down rolebased access approach [has been tried in England and elsewhere, and has been shown to be bureaucratic and almost unworkable]

Permission does not = technical permission Scottish strategy here takes view that a permission (backed up the access wheel shown earlier) is not always the same as technical permission This is because the health care applications need that degree of flexibility (i.e. you change roles almost every hour, so should not need to keep ringing IT or your manager) But, with this flexibility a trust based IT landscape comes the higher risk of inappropriate access So, how do you reduce this risk while maintaining the benefits of wider access through tools like Single Sign On and Clinical Portals?

Part of the answer is more robust audit/reporting But there are some barriers here: 1) Some of the oldest apps do not have useful audit trails 2) Majority of apps which do, have a super-abundance of data which is not easy to extract and interpret. Additionally, it is very time consuming finding information on specific individuals. 3) An audit trail does not of course give an early warning ; it is something you tend to go to after the event.

What were we looking for in procurement? Get good reports, which are meaningful and could pre-empt misuse Easy to set up, ease of use, flexibility to tailor reports Will take minimal amount ISO s time A tool which could, in conjunction with training, have best chance of changing behaviour for the better

FairWarning chosen National license (so it can be used by all health boards) All territorial boards at different stages of implementation NHS produced implementation pack

Early decisions and actions (1) How are you going to communicate with staff, HR, unions? Who is going to run the tool (IT security officer?) Which clinical apps are you going to link up to FairWarning? Which of those apps acts as the identifier for staff? Which reports do you want (FairWarning offers thousands of permutations such postcode employee/patient exact match)? How often to run reports (daily, weekly, monthly) to ensure data is not too voluminous to handle?

Early decisions and actions..(2) How are you going to filter for false positives? Are you going to send potential breach info direct to line managers, HR or somewhere else (if line managers how do you know who they are)? Have HR processes been adapted to cope with higher volumes of cases, to do triage? How are you going to do the quantitative analysis, and plot out graphs which show positive changes in behaviour?

Early lessons learned Perception that FairWarning is more difficult to put and resource intensive than it really is (this has meant implementation has been put in a queue behind projects which have a more obvious front-line benefit such as SSO) HR concerns about opening lid on a whole can of worms and not being resourced to deal with it Need to reassure people that after initial investment, potential breaches (and therefore work for all concerns) begin to diminish as word about FairWarning gets around and letters are generated Massive deterrent factor

NHS Borders The Experiences of NHS Borders Lessons Learned

About NHS Borders 1 Ayrshire and Arran 2 Borders 3 Fife 4 Greater Glasgow and Clyde 5 Highland 6 Lanarkshire 7 Grampian 8 Orkney 9 Lothian 10 Tayside 11 Forth Valley 12 Western Isles 13 Dumfries and Galloway 14 Shetland

Implementation Project Board Information Governance IT Resource Developers HR/Partnership Communications Clinical Representation

Method of use Scenarios Surname Address Colleague False Positive Check Mail to Line Manager Guidance developed

Process Flow

Findings Lots of False positives Rural location Local communities Common surnames Some actual incidents Self look-ups Being helpful HR Involvement

Incidents trends Incident Totals Investigated Confirmed Incidents Number of incidents 1 2 3 4 5 6 7 8 9 10 1112 13 1415 16 1718 19 2021 22 2324 25 2627 28 2930 Week number 31 3233 34 3536 37 3839 40 4142 43 4445 46 4748 49 5051 52 53

Incident types Incidents by type Postcode Self Family Member Co-Worker

Final thoughts We agree with the strap-line of the FairWarning tool (which is to Trust but Verify ), to have set of tools with maximum amount of flexibility/trust to help us with our strategic aims to provide better access to health-care data But also to create an IT landscape where there is robust audit and a very powerful deterrent to any inappropriate access *(even when it is only technically possible to monitor a minority of applications) Choose carefully which FairWarning reports are created as some have proven to be much more useful than others in health boards Integrate into the normal working week of an information security professional

Keep an eye on future potential of FairWarning Often a privacy breach investigation leads to awareness other things going on (e.g. workplace bullying, misuse of other IT tools, fraud, etc.) We still have a challenge in tying up evidence from different workplace spheres (e.g. privacy breach data from FairWarning, audit trails from IT apps not monitored by FairWarning, internet and telephone usage data, CCTV, swipe card data, etc.) IT security officers, physical security officers, HR and Finance need to start working together much more closely Need to think how we get an early warning of behaviour that leads to financial crime, collusion with those seeking to carry out identity thefts, etc.

Contact Information Dr. Daniel Beaumont Information Assurance Lead Scottish Government (Health) Daniel.Beaumont@scotland.gsi.gov.uk Ian Merritt Information Governance Lead NHS Borders Ian.Merritt@borders.scot.nhs.uk Tim Dunn Executive Vice President FairWarning Software Limited Tim.Dunn@FairWarning.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information