Medical Clinic - Daragh O Brien



Published in Technology, Business
  • One point to make here is that by reaching the DP target, SSC would likely be considered “Advanced” in the Healthcare context because of the generally poor standards that exist in the Irish Healthcare sector. The improved governance of Information will contribute to improvements in data quality as a by-product of care and attention.
  • This is akin to not having a fire drill and not having a hygiene policy. A process must be defined that ensures the organisation not only can tick the box of having a policy but can effectively execute the process and procedures should an incident happen. You do not wait for a fire before figuring out how to evacuate the building and who is responsible for doing what.
  • Policies, Procedures, Metrics and Evidence are very important and will align with objectives under other Quality Assurance criteria.


  • 1. Medical Clinic: Data Protection & Data Quality Review
  • 2. Agenda
      • Background and Overview
      • Summary of Report Findings
          – Maturity Ranking
          – The Good (Things to be commended)
          – The Bad (Issues causing concern)
          – The Ugly (Serious Compliance issues/risks)
      • Recommendations
  • 4. Context
      • Data Protection Compliance = Risk
          – Risk to Trust
          – Risk to Revenue
          – Risk to Brand
      • Data Quality Issues = Cost + Risk
          – Risk of wrong treatment
          – Risk of underutilised resources
          – Cost of checking and rechecking data
  • 5. The Methodology
      • Face to Face Qualitative Interviews
      • Observations made while on-site
      • Research & Review of Best Practice
  • 7. Summary of Findings
      • Some good things found.
      • 12 areas of concern/weakness
      • 6 critical risks to Compliance found
  • 8. Maturity Assessment Value Centric Management Optimising State of the Art Practices & Outcomes Information Value quantified and communicated Advanced Practices and outcomes well above industry average Interactions formalised for critical processes Data Protection Target Intermediate Transparent Investment Decisions Basic IT Services being delivered Basic Some interactions/processes formalised Data Protection Maturity No formal processes Initial Ad hoc Management Based on IVI IT-CMF framework
  • 9. CRITICAL RISKS Data Controller (??) Data Processor (??)
  • 10. Critical Risks Patient file: Mr Smith
      • Patient data being transferred by email without encryption/security
      • Email forwarding to external services a concern
  • 11. CRITICAL RISK No defined Data Security Breach Process
  • 12. CRITICAL RISK Personal and Sensitive Personal data being managed and transferred in Spreadsheets
  • 13. CRITICAL RISK Little or no segregation of inbound and outbound patient data
  • 14. CRITICAL RISK Registry Entry for Hospital with DPC is inaccurate
  • 15. Compliance Issues Classification/Categorisation of Information No Formal Governance framework for Data Policies/Procedures/Process • Absent or poorly defined • May not reflect DP Obligations
  • 16. Compliance Issues
      • No training in Data Protection
      • No consistency in formal training in systems – a lot of ‘informal’ learning
      • The absence of “role based” access to personal data in systems is a concern
  • 17. Compliance Issues
      • No verifiable evidence of good behaviours being followed
      • No formal or consistent “Leavers/Movers” process to restrict access to records
      • CCTV Signage does not meet DPA requirements
  • 19. 12 Step Plan
      • Governance & Policy Issues
      • Training and Awareness
      • Technical & Technology Issues
  • 20. Governance Issues Formalise Data Controller/Data Processor Relationships Implement formal Define appropriate Information Governance Policies, Procedures & Metrics Review appropriateness of email forwarding. Define Leaver/Movers Define clear policy process to encompass all systems and manual data Conduct Audit of Manual Data Storage/Disposal Review existing (Clean Desk Policies) Disclosure policies to ensure DPA requirements met.
  • 21. Technology Issues Implement Role based access to electronic data (where possible) Implement Segregation between “Data In” and “Data Out” Inspect Data Redundancy (e.g. Spreadsheets) Assess need and secure Review existing Disclosure policies to ensure DPA requirements met.
  • 22. Training & Awareness Issues Implement Training on DP/DQ to key target audiences Coupled with the roll out and implementation of Training, we would recommend that supporting activities be developed to help make culture change stick e.g.: • “Story” development to lock in the learning • Internal Communication plans • Continuous Improvement
  • 24. Governance Model 1 Advisory External Expert Chair CEO Consultants (DPO) HR IT Information Governance Bus Steering Group Patient Svcs Apps JCI Nursing Radiology Finance
  • 25. Governance Model 2 Chair External CEO Expert Consultants (DPO) HR IT Information Governance Bus Steering Group Patient Svcs Apps JCI Nursing Radiology Finance
  • 26. Governance Model 3 External Expert Bus Apps Consultants (DPO) IT HR Information Governance CEO Steering Group Patient Svcs JCI Nursing Radiology Finance Effective Model for Project Management Least Preferred Option for on-going Governance
  • 27. Evolving from Excellent Project to Effective Governance Project Governance Governance Model 1 Governance Model 2 Governance Model 3 Project Execution Transition & Bed-in Operational & Effective
  • 28. Summary
      1. Ensure all staff know WHAT needs to be done – (Policies, Procedures & Training)
      2. Ensure all staff know WHY it needs to be done – (Culture change, align with values)
      3. Ensure all staff know HOW it needs to be done – (Governance, Policies, Training)
      4. Ensure all staff know WHO is doing it – (Governance, Policies, Contractual issues)
      5. Ensure the Clinic can demonstrate THAT IT HAS been done – (Metrics, Governance, Reporting)
  • 29. In conclusion.... “Best efforts are essential. Unfortunately, best efforts, people charging this way and that way without the guidance of principles, can do a lot of damage. Think of the chaos that would come if everyone did his best, not knowing what to do.” W. Edwards Deming, Out of the Crisis