Clare Sanderson, IG Solutions
1. How to ensure that Information Security &
Governance are facilitators not blockers
What can be learnt from other jurisdictions?
Clare Sanderson
IG Solutions Liverpool
2. I know what you’re all thinking…
…IG is always used to stop us sharing data
…IG staff don’t realise the importance of my work
…IG isn’t my problem so I’ll ignore it
3. • Early IG Assessment
• Engage with the Public & Inform Patients
• Explicit Consent or Right to Object
• Cyber Security
• New EU Data Regulation
4. Early IG Assessment
Engage with your IG advisors early in the project
Consider the business need and identify what type of information you really need:
• Anonymised
• De-identified / Pseudonymised
• Identifiable
Ensure IG issues are identified at the start
What is the lawful basis for sharing / accessing the data?
What protection / security is needed?
Designing IG controls is better than retrofitting!
Access controls – who can see what?
Audit arrangements – who has accessed / updated what?
5. PRIVACY IMPACT ASSESSMENT
• Protects the individual’s right to
privacy and confidentiality in the
collection, use, storage and disclosure
of their information
• Ensures controls and practices are
embedded in the design of the project
• Raises awareness of privacy issues
with staff and creates a culture where
privacy matters
6. Engage with the Public & Inform Patients
• Required for the Privacy Impact
Assessment
• Understand the concerns of patients &
the public
• Provide assurance about safeguards
• Remember this is sensitive data about
7. WELLCOME TRUST REPORT
• People were largely unaware of the use of data.
• Confused by definitions: identifiable, anonymised
etc
• Adopted 4 key tests about whether data should be
shared.
• They were uncomfortable about commercial access
• Wary of insurance and marketing companies in
particular
• Those that were well informed were more likely to
approve.
• http://www.wellcome.ac.uk/stellent/groups/cor
8. CITIZENS JURIES
• Widespread support for NHS bodies to use
patient information for other purposes
such as research
• Most wanted the ability to opt out; some wanted opt-in
• Opinions changed in favour of wider access
over the three days
• Public Benefit was necessary to justify
access
• One of the juries was more cautious than
the other, wanting greater patient control
• http://www.herc.ac.uk/get-involved/citizens-jury/
9. Explicit Consent and Right to Object
• We need to look at how we can allow patients to control what
happens to information about them
• We need a dynamic patient consent model that covers all the
potential uses of data
• Even where consent is not required patients have the right to
object to (opt-out of) data sharing.
10. Read Code | Version (Clinical System) | Description
XaJDp | CTV3 (SystmOne) | Personal risk assessment declined
XaJDs | CTV3 (SystmOne) | Multi professional risk assessment declined
XaKII | CTV3 (SystmOne) | No consent for electronic record sharing
XaKRW | CTV3 (SystmOne) | Refused consent for upload to local shared electronic record
XaQVo | CTV3 (SystmOne) | Refused consent for electronic record sharing
93C1. | CTV3 (SystmOne) | Refused consent for upload to local shared electronic record
9Nd1. | CTV3 (SystmOne) | No consent for electronic record sharing
9Oh5. | CTV3 (SystmOne) | Multi professional risk assessment declined
9Oh8. | CTV3 (SystmOne) | Personal risk assessment declined
93C1. | RCV2 (EMIS) | Refused consent for upload to local shared electronic record
9Nd1. | RCV2 (EMIS) | No consent for electronic record sharing
Read code description | V2 Read code (EMIS) | CTV Read code (SystmOne)
*Dissent from disclosure of personal confidential data by Health and Social Care Information Centre | 9Nu4 | XaaVL
*Dissent from secondary use of GP patient identifiable data | 9Nu0. | XaZ89
Code Term | EMIS / Vision (READ V2) | SystmOne (CTV3)
Refused consent for upload to national shared electronic record | 93C3. | XaKRy
Express dissent for Summary Care Record dataset upload | | XaXj6
13. • Will replace the existing Data Protection Acts in Ireland (1988 &
2003)
• Adopted on 27 April 2016; must be implemented by May 2018
• Regulation, not Directive, means less scope for interpretation at
national level
• http://www.nhsconfed.org/resources/2016/05/protecting-and-managing-personal-data
New EU Data Protection Regulation
14. • New definitions: pseudonymisation; genetic & biometric data
• Rules / principles largely unchanged
• Bar raised for consent
• Data Subjects' Rights strengthened
• Data Portability
• Privacy by Design
• Data Protection Officer
• Breaches reported within 72 hours
• Sanctions up to 4% global turnover / €20m
HEADLINES AND KEY POINTS
15. AND IN THE WORDS OF OTIS REDDING….
I want security, yeah
Without it I had a great loss, oh now
Security, yeah
And I want it at any cost, oh now