Western Sussex Hospitals NHS Foundation Trust

The Challenging and Changing Face of NHS Information Governance

Andrew Harvey
Information Governance Lead, Western Sussex Hospitals NHS FT
Chair, Sussex-Wide Information Governance Group

IRMS Conference
The Metropole Hotel, Brighton, 17 May 2016

Introduction…
• Achieving an acceptable definition
• The macro environment – now and in the future
• The micro environment
• Somewhere in between
• Prioritising the top 2
• Methodology
• About me

PART 1: Achieving a Definition
Existing definitions (1/2)…
“Allows organisations and individuals to ensure that personal information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with Corporate Governance standards.”
Health and Social Care Staff Members: What You Should Know About Information Governance, NHS Connecting for Health (2008)

Existing definitions (2/2)…
“The management discipline that exploits an organisation’s data whilst associated risks and costs are minimised.”
David Stone, former Head of Information Governance, NHS South East CSU (2014)

“[P]reservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.”
ISO 27000 (2009), Information Technology - Security Techniques - Information Security Management Systems

Getting an acceptable definition…
“Ensuring that the Trust and its staff have a person-centred approach to managing the personal and sensitive information of its patients and staff, treating it and the organisation’s corporate information in a similar manner to which they would expect their own Medical Records or banking information to be treated.”
Andrew Harvey 02/2015, Western Sussex Hospitals FT’s Information Governance Mission Statement

Getting an acceptable definition…
“An enabling discipline to ensure that the Trust and its staff have a person-centred approach to managing the personal and sensitive information of its patients and staff, treating it and the organisation’s corporate information in a similar manner to which they would expect their own Medical Records or banking information to be treated.”

PART 2: The Macro Environment
The Macro environment 2013-16 (1/4)…
Despite IG safeguards in place, “The history of the past 15 years does not inspire confidence”.
Dr Paul Hodgkin, CEO, Patient Opinion
[Source: The Guardian, 10/04/2014]

“The presumption we had a few years ago [that we have consent to] share data can no longer be presumed upon. We have to earn that trust again. We shouldn’t underestimate the concerns both from extremely vocal groups and the public as a whole.”
Kingsley Manning, Chair, HSCIC
[Source: e-Health Insider, 25/06/2014]

The Macro environment 2013-16 (2/4)…
Legislation (1/2): Health & Social Care Act 2012, disallowing CCGs to access PCD for commissioning purposes: DSCRO, ASH, CEfF
[Source: www.legislation.gov.uk]

Legislation (2/2): Health & Social Care (Safety & Quality) Act 2015:
•Single identifier (NHS #)
•Statutory basis for new Caldicott principle
[Source: www.legislation.gov.uk]

“The duty to share information can be as important as the duty to protect patient confidentiality”

Delayed guidance: e.g. Caldicott 3 Report on NHS InfoSec and Data Sharing stalled by EU referendum
[Source: Digital Health Website, 20/04/2016]

The Macro environment 2013-16 (3/4)…
Compulsory ICO DP audits: From 02/2015, aimed at cutting number of breaches; intended as collaborative / voluntary, but…
[Source: V3 website, 02/02/2015]

Poor programme management and PR: e.g. IIGOP advising Care.Data not fit-for-purpose but NHS England going ahead, wasting £1m
[Source: Computing website, 07/01/2015]

Process issues, e.g. 11/2014, HSCIC reviewing processes for releasing en masse non-clinical to police: 2.7k releases in financial year 2013-14
[Source: e-Health Insider, 09/12/2014]

Outsourcing, e.g. 06/2013 Birmingham-based Diagnostic Health knowingly breaching basic IG rules: password sharing, not encrypting, use of Google drive
[Source: BBC News website, 16/06/2014]

Programme to combine data from GPs and hospitals to identify areas where more work or investment might be needed.

The Macro environment 2013-16 (4/4)…
Leaking data: NHS England-approved apps flout privacy standards
[Source: BBC News website, 25/09/2015]

More lack of consistency:
•NHS England moving Medical Records without consent
•ICO advising not sharing when needed is a breach
[Sources: BBC News website, 04/09/2015; Digital Health website, 15/10/2015]

Lack of consistency, e.g. ICO fines 2 HIV clinic email breaches differently: £250 v £180k
[Sources: Computing website, 21/12/2015; BBC News website, 09/05/2016]

Not all challenges: Positives for IT:
•Carter: Meaningful use
•Government promises >£4bn over 5 years
[Sources: Digital Health website, 08/02/2016 and 09/02/2016]

A big Macro problem: conflict re DoH push for digitalisation…
CareCERT, new HSCIC cyber security service from 01/2016
[Source: Digital Health website, 03/09/2015]

Push for digitalisation, e.g. The Power of Information strategy, 05/2012
[Source: www.gov.uk]

02/2015, Dawn Monaghan, former ICO Public Sector Group Manager: cyber attacks and ID theft will increase as more patient data online
[Source: V3 website, 10/02/2015]

NHS England promises full records access by 2018 – GPs largely achieved it with DCR by 03/2016
[Sources: Digital Health website, 17/06/2015 and 22/03/2016]

Patients able to add data from wearable devices, e.g. Fitbit, to their electronic patient record by 2018
[Source: Digital Health website, 24/06/2015]

The Macro environment: unhelpful publicity…
Secretary of State for Health: Jeremy Hunt, publishes photo on Twitter including patients’ names
[Source: The Telegraph, 18/07/2015]

Unfortunate (or deliberate?) timing: HSCIC receives ICO Undertaking for failing to comply with patient opt outs… same day change name to ‘NHS Digital’
[Sources: ICO Website, 20/04/2016; www.gov.uk Website 20/04/2016]

The Macro environment looking forward: GDPR
• Content agreed
• 2 year run in to 05/2018
• 13 changes impacting NHS
[Sources: ICO 12 Steps (2016); PDP Compliance (05/04/2016); Dilys Jones Associates Ltd (18/01/2016) and Silicon Republic (04/04/2016)]

1. Accountability to the DP principles
2. Consent
3. Data breaches
4. Data portability
5. Data processors
6. DP by design
7. DP Officer
8. Erasure of information
9. Higher fines
10. Information asset management
11. Privacy notices
12. Sensitive personal data
13. Subject access

2. Consent
•Stronger rights to delete
•Freely given, informed
•Not implied
•Verifying ages of children
•Joined up work: IG and clinical

4. Data Portability
•Transferring data between services
•Recognisable format
•Joined up work: IG and IT

5. Data Processors
•Notifying DCs of breaches
•Will it happen?
•Write into contracts
•Joined up work: IG, Contracting and Procurement

8. Erasure of information
•Totally clear what it means?
•What can we delete?
•Records Management CoP
•Technicalities
•Joined up work: IG and IT

9. Higher fines
•2 tiers
•Highest up to €20m / 4% previous year’s turnover – Trust of £400m = £16m!
•Review IG Toolkit controls and undertake gap analysis

13. Subject access
•Shorter response times
•Free – no backfill
•Possibility to refuse
•Cost benefit analysis of accessing Medical Records online – promoted anyway

• Clarification for NHS needed: ICO, HSCIC, IGA, NDG
• Huge amounts of work!
• DPIA should be happening – Cabinet Office
• Positive: creating more joined up working!

My mortgage keeps getting paid!

PART 3: The Micro Environment
Overview of the Micro environment…
Big Brother Watch, 2014
2011-2014: 7,255 NHS incidents.
•3.46% (251) = inappropriate sharing with third party
•3.25% (236) = data shared by email, letter or fax
•1.42% (103) = lost or stolen
•0.69% (50) = social media
[Source: BBC News website, 14/11/2014]

www.cable.co.uk FOI, 2014
2013-14 financial year: 701 NHS incidents
•21% (147) = erroneous disclosure
•20% (137) = theft / loss
•12% (83) = posted or faxed to wrong person
[Source: Wired website, 25/11/2014]

Increase in Data Security Concerns
Healthcare highest industry for data security breaches:
•Criminal attacks ↑ 125% since 2010
•734 breaches in 2014
•ICO 517 healthcare investigations in 2015
[Source: Information Age website, 20/01/2016]

Sophos Study, c.2015
250 NHS employed senior IT professionals:
•76% cybercrime protection good
•72% data loss is biggest concern
•10% encryption well established
•42% use of mobile devices ↑
[Source: Information Age website, 22/01/2016]

Problems within the Micro environment…
Lack of knowledge, e.g. British Pregnancy Advisory Service 03/2012: £200k fine for hacker threatening to leak 10k patients PCD
[Source: BBC News website, 07/03/2014]

Carelessness, e.g. Chelsea & Westminster NHS Trust (09/2015: 56 Dean Street) sending email to 800 users of HIV services: £180k fine
[Sources: Sky News website, 02/09/2015; BBC News website, 09/05/2016]

Process issues, e.g. Blackpool Teaching Hospitals not checking details published on website, 03/2014: £185k fine
[Source: Digital Health Website, 05/05/2016]

Accidents, e.g. Brighton & Sussex University Hospitals Trust, 09/2015: ward handover sheet of 37 patients found in street
[Source: The Argus, 30/09/2015]

Malicious intent, e.g. former Medical Centre Director accessing colleagues’ and family Medical Records, c. 2015: £435 (!) fine
[Source: ICO Website, 10/12/2015]

Bizarre decisions, e.g.
•Pharmacy2U selling data
•Royal Free Trust sharing with Google
[Sources: The Independent, 20/10/2015; BBC News Website, 03/05/2016; Business Insider Website, 12/05/2016]

PART 4: ‘The Inbetweener’
A Replete IG Toolkit Concern…
PART 5: Conclusions
The Top Challenges…
Macro: Lack of central coordination, resulting in wasted finances and a poor reputation for the IG discipline
Locally: Listen to and research the best advice that is available on any situation at any given time and apply best practice compassionately

Micro: Accidental breaches and carelessness: PEOPLE
Locally: Ensuring an effective training, awareness and assurance programme, using IG and the IGT in the best possible way – not just ‘tick boxing’

Summary…
• Achieving an acceptable definition
• The macro environment – now and in the future
• The micro environment
• Somewhere in between
• Prioritising the top 2
Western
Sussex
Hospitals
NHS
Foundation
Trust

More Related Content

What's hot

XDS and CDA with FHIR
XDS and CDA with FHIRXDS and CDA with FHIR
XDS and CDA with FHIRkwboone
 
Allscripts Webcast On Feb 18 Stimulus
Allscripts Webcast On Feb 18   StimulusAllscripts Webcast On Feb 18   Stimulus
Allscripts Webcast On Feb 18 StimulusDJMB207
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide  800-184NIST Cybersecurity Event Recovery Guide  800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MassEHealth
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 
ISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP AlignmentISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP AlignmentMohammed J. Khan
 
hitech act
hitech acthitech act
hitech actpadler01
 
Impact of ict on privacy and personal data
Impact of ict on privacy and personal dataImpact of ict on privacy and personal data
Impact of ict on privacy and personal datamohd kamal
 
A Robust Health Data Infrastructure (JASON, 2013)
A Robust Health Data Infrastructure (JASON, 2013)A Robust Health Data Infrastructure (JASON, 2013)
A Robust Health Data Infrastructure (JASON, 2013)Ilya Klabukov
 
Critical Success Factors in Leading Healthcare IT Projects
Critical Success Factors in Leading Healthcare IT ProjectsCritical Success Factors in Leading Healthcare IT Projects
Critical Success Factors in Leading Healthcare IT ProjectsKaali Dass PMP, PhD.
 

What's hot (12)

XDS and CDA with FHIR
XDS and CDA with FHIRXDS and CDA with FHIR
XDS and CDA with FHIR
 
Allscripts Webcast On Feb 18 Stimulus
Allscripts Webcast On Feb 18   StimulusAllscripts Webcast On Feb 18   Stimulus
Allscripts Webcast On Feb 18 Stimulus
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide  800-184NIST Cybersecurity Event Recovery Guide  800-184
NIST Cybersecurity Event Recovery Guide 800-184
 
MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15MeHI Privacy & Security Webinar 3.18.15
MeHI Privacy & Security Webinar 3.18.15
 
Tal Zarsky, "Correlation v. Causation in Health-Related Big Data Analysis: Th...
Tal Zarsky, "Correlation v. Causation in Health-Related Big Data Analysis: Th...Tal Zarsky, "Correlation v. Causation in Health-Related Big Data Analysis: Th...
Tal Zarsky, "Correlation v. Causation in Health-Related Big Data Analysis: Th...
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
 
ISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP AlignmentISACA Journal Data Protection Act (UK) and GAPP Alignment
ISACA Journal Data Protection Act (UK) and GAPP Alignment
 
hitech act
hitech acthitech act
hitech act
 
Impact of ict on privacy and personal data
Impact of ict on privacy and personal dataImpact of ict on privacy and personal data
Impact of ict on privacy and personal data
 
A Robust Health Data Infrastructure (JASON, 2013)
A Robust Health Data Infrastructure (JASON, 2013)A Robust Health Data Infrastructure (JASON, 2013)
A Robust Health Data Infrastructure (JASON, 2013)
 
Data Management Protection Acts
Data Management Protection ActsData Management Protection Acts
Data Management Protection Acts
 
Critical Success Factors in Leading Healthcare IT Projects
Critical Success Factors in Leading Healthcare IT ProjectsCritical Success Factors in Leading Healthcare IT Projects
Critical Success Factors in Leading Healthcare IT Projects
 

Viewers also liked

How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...Investnet
 
Quick visual guide to basic brompton maintenance
Quick visual guide to basic brompton maintenanceQuick visual guide to basic brompton maintenance
Quick visual guide to basic brompton maintenanceWoon Taiwoon
 
Management skills in difficult times by Ed Sweeney
Management skills in difficult times by Ed SweeneyManagement skills in difficult times by Ed Sweeney
Management skills in difficult times by Ed SweeneyAcas Comms
 
Mediation at Guy’s and St Thomas’ NHS Foundation Trust
Mediation at Guy’s and St Thomas’ NHS Foundation TrustMediation at Guy’s and St Thomas’ NHS Foundation Trust
Mediation at Guy’s and St Thomas’ NHS Foundation TrustAcas Comms
 
History of public health in malaysia
History of public health in malaysiaHistory of public health in malaysia
History of public health in malaysiaYong Xuan
 
Planning for New Hospital
Planning for New HospitalPlanning for New Hospital
Planning for New HospitalNc Das
 

Viewers also liked (8)

How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...
Joanna Smith, Chief Information Officer, The Royal Brompton & Harefield NHS F...
 
Quick visual guide to basic brompton maintenance
Quick visual guide to basic brompton maintenanceQuick visual guide to basic brompton maintenance
Quick visual guide to basic brompton maintenance
 
Management skills in difficult times by Ed Sweeney
Management skills in difficult times by Ed SweeneyManagement skills in difficult times by Ed Sweeney
Management skills in difficult times by Ed Sweeney
 
Mediation at Guy’s and St Thomas’ NHS Foundation Trust
Mediation at Guy’s and St Thomas’ NHS Foundation TrustMediation at Guy’s and St Thomas’ NHS Foundation Trust
Mediation at Guy’s and St Thomas’ NHS Foundation Trust
 
History of public health in malaysia
History of public health in malaysiaHistory of public health in malaysia
History of public health in malaysia
 
Planning for New Hospital
Planning for New HospitalPlanning for New Hospital
Planning for New Hospital
 
Islamic leadership and the JKKK
Islamic leadership and the JKKKIslamic leadership and the JKKK
Islamic leadership and the JKKK
 

Similar to The Challenging and Changing Face of NHS Information Governance - Paper Delivered at the Information and Risk Management Society Conference, Brighton, May 2016

Review of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsReview of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsMohammad Al-Ubaydli
 
Care.data 17 09-13
Care.data 17 09-13Care.data 17 09-13
Care.data 17 09-13howch1961
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Hybrid Cloud
 
The challenges to clinical system adoption
The challenges to clinical system adoptionThe challenges to clinical system adoption
The challenges to clinical system adoptionrain2bow
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:Mirasolmanginyog
 
Data report v 0.2 Press Release
Data report v 0.2 Press ReleaseData report v 0.2 Press Release
Data report v 0.2 Press ReleaseRosalyn Moran
 
Confidentiality power point
Confidentiality power pointConfidentiality power point
Confidentiality power pointDoug Miller
 
Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...Kato Mivule
 
Insight Seminar 2015 - #2
Insight Seminar 2015 - #2Insight Seminar 2015 - #2
Insight Seminar 2015 - #2Leisure-net
 
Health Data Sharing Scene Setting
Health Data Sharing Scene Setting Health Data Sharing Scene Setting
Health Data Sharing Scene Setting ipposi
 
Apa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoApa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoaman341480
 
Storetec nhs-document-scanning-white paper
Storetec nhs-document-scanning-white paperStoretec nhs-document-scanning-white paper
Storetec nhs-document-scanning-white paperStoretecServices
 
Health IT Summit Austin 2013 - Keynote Presentation "The Innovation, Data & H...
Health IT Summit Austin 2013 - Keynote Presentation "The Innovation, Data & H...Health IT Summit Austin 2013 - Keynote Presentation "The Innovation, Data & H...
Health IT Summit Austin 2013 - Keynote Presentation "The Innovation, Data & H...Health IT Conference – iHT2
 

Similar to The Challenging and Changing Face of NHS Information Governance - Paper Delivered at the Information and Risk Management Society Conference, Brighton, May 2016 (20)

Review of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsReview of Data Security, Consent and Opt-Outs



The Challenging and Changing Face of NHS Information Governance - Paper Delivered at the Information and Risk Management Society Conference, Brighton, May 2016

  • 1. Western Sussex Hospitals NHS Foundation Trust The Challenging and Changing Face of NHS Information Governance Andrew Harvey Information Governance Lead Western Sussex Hospitals NHS FT Chair Sussex-Wide Information Governance Group IRMS Conference The Metropole Hotel, Brighton, 17 May 2016
  • 2. Introduction… Achieving an acceptable definition; The macro environment – now and in the future; The micro environment; Somewhere in between; Prioritising the top 2; Methodology; About me
  • 3. PART 1: Achieving a Definition
  • 4. Existing definitions (1/2)… “Allows organisations and individuals to ensure that personal information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with Corporate Governance standards.” Health and Social Care Staff Members: What You Should Know About Information Governance, NHS Connecting for Health (2008)
  • 5. Existing definitions (2/2)…
      “The management discipline that exploits an organisation’s data whilst associated risks and costs are minimised.” David Stone, former Head of Information Governance, NHS South East CSU (2014)
      “[P]reservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.” ISO 27000 (2009), Information Technology - Security Techniques - Information Security Management Systems
  • 6. Getting an acceptable definition… “Ensuring that the Trust and its staff have a person-centred approach to managing the personal and sensitive information of its patients and staff, treating it and the organisation’s corporate information in a similar manner to which they would expect their own Medical Records or banking information to be treated.” Andrew Harvey 02/2015, Western Sussex Hospitals FT’s Information Governance Mission Statement
  • 7. Getting an acceptable definition… “An enabling discipline to ensure that the Trust and its staff have a person-centred approach to managing the personal and sensitive information of its patients and staff, treating it and the organisation’s corporate information in a similar manner to which they would expect their own Medical Records or banking information to be treated.”
  • 8. PART 2: The Macro Environment
  • 9. The Macro environment 2013-16 (1/4)…
      Despite IG safeguards in place, “The history of the past 15 years does not inspire confidence”. Dr Paul Hodgkin, CEO, Patient Opinion [Source: The Guardian, 10/04/2014]
      “The presumption we had a few years ago [that we have consent to] share data can no longer be presumed upon. We have to earn that trust again. We shouldn’t underestimate the concerns both from extremely vocal groups and the public as a whole.” Kingsley Manning, Chair, HSCIC [Source: e-Health Insider, 25/06/2014]
  • 10. The Macro environment 2013-16 (2/4)…
      Legislation (1/2): Health & Social Care Act 2012, disallowing CCGs to access PCD for commissioning purposes: DSCRO, ASH, CEfF [Source: www.legislation.gov.uk]
      Legislation (2/2): Health & Social Care (Safety & Quality) Act 2015: • Single identifier (NHS #) • Statutory basis for new Caldicott principle [Source: www.legislation.gov.uk]
      “The duty to share information can be as important as the duty to protect patient confidentiality”
      Delayed guidance: e.g. Caldicott 3 Report on NHS InfoSec and Data Sharing stalled by EU referendum [Source: Digital Health Website, 20/04/2016]
  • 11. The Macro environment 2013-16 (3/4)…
      Compulsory ICO DP audits: From 02/2015, aimed at cutting number of breaches; intended as collaborative / voluntary, but… [Source: V3 website, 02/02/2015]
      Poor programme management and PR: e.g. IIGOP advising Care.Data not fit-for-purpose but NHS England going ahead, wasting £1m [Source: Computing website, 07/01/2015]
      Process issues, e.g. 11/2014, HSCIC reviewing processes for releasing en masse non-clinical to police: 2.7k releases in financial year 2013-14 [Source: e-Health Insider, 09/12/2014]
      Outsourcing, e.g. 06/2013 Birmingham-based Diagnostic Health knowingly breaching basic IG rules: password sharing, not encrypting, use of Google drive [Source: BBC News website, 16/06/2014]
      Programme to combine data from GPs and hospitals to identify areas where more work or investment might be needed.
  • 12. The Macro environment 2013-16 (4/4)…
      Leaking data: NHS England-approved apps flout privacy standards [Source: BBC News website, 25/09/2015]
      More lack of consistency: • NHS England moving Medical Records without consent • ICO advising not sharing when needed is a breach [Sources: BBC News website, 04/09/2015; Digital Health website, 15/10/2015]
      Lack of consistency, e.g. ICO fines 2 HIV clinic email breaches differently: £250 v £180k [Sources: Computing website, 21/12/2015; BBC News website, 09/05/2016]
      Not all challenges: Positives for IT: • Carter: Meaningful use • Government promises >£4bn over 5 years [Sources: Digital Health website, 08/02/2016 and 09/02/2016]
  • 13. A big Macro problem: conflict re DoH push for digitalisation…
      CareCERT, new HSCIC cyber security service from 01/2016 [Source: Digital Health website, 03/09/2015]
      Push for digitalisation, e.g. The Power of Information strategy, 05/2012 [Source: www.gov.uk]
      02/2015, Dawn Monaghan, former ICO Public Sector Group Manager: cyber attacks and ID theft will increase as more patient data online [Source: V3 website, 10/02/2015]
      NHS England promises full records access by 2018 – GPs largely achieved it with DCR by 03/2016 [Sources: Digital Health website, 17/06/2015 and 22/03/2016]
      Patients able to add data from wearable devices, e.g. Fitbit, to their electronic patient record by 2018 [Source: Digital Health website, 24/06/2015]
  • 14. The Macro environment: unhelpful publicity…
      Secretary of State for Health: Jeremy Hunt, publishes photo on Twitter including patients’ names [Source: The Telegraph, 18/07/2015]
      Unfortunate (or deliberate?) timing: HSCIC receives ICO Undertaking for failing to comply with patient opt outs… same day change name to ‘NHS Digital’ [Sources: ICO Website, 20/04/2016; www.gov.uk Website 20/04/2016]
  • 15. The Macro environment looking forward: GDPR
      • Content agreed • 2 year run in to 05/2018 • 13 changes impacting NHS [Sources: ICO 12 Steps (2016); PDP Compliance (05/04/2016); Dilys Jones Associates Ltd (18/01/2016) and Silicon Republic (04/04/2016)]
      1. Accountability to the DP principles; 2. Consent; 3. Data breaches; 4. Data portability; 5. Data processors; 6. DP by design; 7. DP Officer; 8. Erasure of information; 9. Higher fines; 10. Information asset management; 11. Privacy notices; 12. Sensitive personal data; 13. Subject access
      2. Consent • Stronger rights to delete • Freely given, informed • Not implied • Verifying ages of children • Joined up work: IG and clinical
      4. Data Portability • Transferring data between services • Recognisable format • Joined up work: IG and IT
      5. Data Processors • Notifying DCs of breaches • Will it happen? • Write into contracts • Joined up work: IG, Contracting and Procurement
      8. Erasure of information • Totally clear what it means? • What can we delete? • Records Management CoP • Technicalities • Joined up work: IG and IT
      9. Higher fines • 2 tiers • Highest up to €20m / 4% previous year’s turnover – Trust of £400m = £16m! • Review IG Toolkit controls and undertake gap analysis
      13. Subject access • Shorter response times • Free – no backfill • Possibility to refuse • Cost benefit analysis of accessing Medical Records online – promoted anyway
      • Clarification for NHS needed: ICO, HSCIC, IGA, NDG • Huge amounts of work! • DPIA should be happening – Cabinet Office • Positive: creating more joined up working!
      My mortgage keeps getting paid!
  • 16. PART 3: The Micro Environment
  • 17. Overview of the Micro environment…
      Big Brother Watch, 2014. 2011-2014: 7,255 NHS incidents. • 3.46% (251) = inappropriate sharing with third party • 3.25% (236) = data shared by email, letter or fax • 1.42% (103) = lost or stolen • 0.69% (50) = social media [Source: BBC News website, 14/11/2014]
      www.cable.co.uk FOI, 2014. 2013-14 financial year: 701 NHS incidents • 21% (147) = erroneous disclosure • 20% (137) = theft / loss • 12% (83) = posted or faxed to wrong person [Source: Wired website, 25/11/2014]
      Increase in Data Security Concerns. Healthcare highest industry for data security breaches: • Criminal attacks ↑ 125% since 2010 • 734 breaches in 2014 • ICO 517 healthcare investigations in 2015 [Source: Information Age website, 20/01/2016]
      Sophos Study, c.2015. 250 NHS employed senior IT professionals: • 76% cybercrime protection good • 72% data loss is biggest concern • 10% encryption well established • 42% use of mobile devices ↑ [Source: Information Age website, 22/01/2016]
  • 18. Problems within the Micro environment…
      Lack of knowledge, e.g. British Pregnancy Advisory Service 03/2012: £200k fine for hacker threatening to leak 10k patients PCD [Source: BBC News website, 07/03/2014]
      Carelessness, e.g. Chelsea & Westminster NHS Trust 09/2015: (56 Dean Street) sending email to 800 users of HIV services: £180k fine [Sources: Sky News website, 02/09/2015; BBC News website, 09/05/2016]
      Process issues, e.g. Blackpool Teaching Hospitals not checking details published on website, 03/2014: £185k fine [Source: Digital Health Website, 05/05/2016]
      Accidents, e.g. Brighton & Sussex University Hospitals Trust, 09/2015: ward handover sheet of 37 patients found in street [Source: The Argus, 30/09/2015]
      Malicious intent, e.g. former Medical Centre Director accessing colleagues’ and family Medical Records, c. 2015: £435 (!) fine [Source: ICO Website, 10/12/2015]
      Bizarre decisions, e.g. • Pharmacy2U selling data • Royal Free Trust sharing with Google [Sources: The Independent, 20/10/2015; BBC News Website, 03/05/2016; Business Insider Website, 12/05/2016]
  • 19. PART 4: ‘The Inbetweener’
  • 20. A Replete IG Toolkit Concern…
  • 22. The Top Challenges…
      Macro: Lack of central coordination, resulting in wasted finances and a poor reputation for the IG discipline
      Locally: Listen to and research the best advice that is available on any situation at any given time and apply best practice compassionately
      Micro: Accidental breaches and carelessness: PEOPLE
      Locally: Ensuring an effective training, awareness and assurance programme, using IG and the IGT in the best possible way – not just ‘tick boxing’
  • 23. Summary… Achieving an acceptable definition; The macro environment – now and in the future; The micro environment; Somewhere in between; Prioritising the top 2