BB
Uploaded byBen B
64 views

Encrypting User Data in the NHS 2016

This document provides a summary of a survey conducted by iGov Survey in collaboration with Druva regarding data security and encryption strategies across the NHS. Some key findings include: - Over half of respondents were confident in securing sensitive data, but less than a quarter were confident in end-user compliance. - Around 40% of staff had access to mobile devices, but only 69% had mobile device management solutions. - Three-quarters were unaware of cloud application usage and most couldn't monitor sensitive data access through them. - Only 25% were fully aware of upcoming EU GDPR data laws, though over half recognized a need to better understand compliance risks.

Embed presentation

Download to read offline
Encrypting User Data in the NHS Survey Report 2016 Survey Partners
Contents The Survey 3 Survey Methodology and Respondents Profile 4 Key Findings 5 Conclusion 10 Appendix 1: Full Survey Questions 11 Appendix 2: Participating Organisations 15 Page of2 15 Encrypting User Data in the NHS 2016 Acknowledgements The survey team at iGov Survey would like to take this opportunity to thank all of those who were kind enough to take part - and especially to those who found the time to offer additional insight through their extra comments. We would also like to thank our partner, Druva, for their assistance in compiling the survey questions, scrutinising the responses and analysing the results. Encrypting User Data in the NHS 2016 © copyright Unless explicitly stated otherwise, all rights including those in copyright in the content of this publication are owned by or controlled for these purposes by iGov Survey. Except as otherwise expressly permitted under copyright law or iGov Survey’s Terms of Use, the content of this publication are owned by or controlled may not be copied, reproduced, republished, downloaded, posted, broadcast or transmitted in any way without first obtaining iGov Survey’s written permission or that of the copyright owner. To contact the iGov or Exec Survey team: Email: dcross@ingenium-ids.org Tel: 0845 094 8567 Address: FAO David Cross, Ingenium IDS Ltd, Mansion House, Wellington Road South, Stockport, Cheshire, SK1 3UA
The Survey Mass amounts of sensitive data are collected, updated and stored across the NHS every day, and much of this data often concerns patient information, including demographic data and health records. This means that while organisations face pressure within the public sector to follow government legislation, they also face the growing concerns of the public as data transparency and connectivity becomes more commonplace. In late 2015, the Information Commissioner’s Office (ICO) published the findings of a study entitled ‘Data security incident trends’ that reported a brief analysis of their most1 recent cases (559). It found that almost half of reported cases (278) in the second quarter of the 2015/16 year (July to September 2015) originated in the health sector. Worryingly, this showed a 44% rise from the previous quarter (193), though the ICO do note that this is in-line with the overall increase in data security incidents when compared to the previous quarter. It also notes that the increase could in part be attributed to a change in the way the NHS handles data security incidents, as it is now mandatory to report them. The analysis highlighted two distinct issues regarding data security within the health sector; the loss and theft of paperwork (27% of health sector incidents) and data being posted or faxed to the incorrect recipient (23%). As the connectivity of data grows more commonplace across the public sector and organisations begin to adopt new technologies such as mobile and cloud, the threat of data breaches increases. While the NHS battles against tough budget constraints, their patients expect a consistently high-level of security. To meet this challenge, strategies put in place must balance the need to create more efficient ways of working with effective security. With this in mind, iGov Survey have now teamed with the fastest growing cloud-based data protection provider, Druva, to further understand the barriers that NHS organisations face, and benefits meeting this challenge brings to the sector. With large amounts of data now being stored in a variety of locations such as endpoints and the Cloud, Druva and iGov launched a research project to examine the data security and encryption strategies currently in place across the sector. It looked at the use of mobile devices, along with online and cloud applications, and the security concerns that were realised due to the use of these technologies. Finally, it also considered the impact of data legislation put in place by government, and the bearing it has on the strategies currently being used. https://ico.org.uk/action-weve-taken/data-security-incident-trends/1 Page of3 15 Encrypting User Data in the NHS 2016
Survey Methodology and Respondents Profile This survey was conducted by iGov Survey in collaboration with Druva, and ran from 3rd November 2015 to 21st December 2015. iGov Survey, a research body comprising of an independent team of public sector experts, partnered with Druva on the project and all views and results expressed within this report are from iGov’s impartial view point unless explicitly stated otherwise. Survey respondents represent a broad cross-section of seniority levels across NHS organisations, and job roles include those working with IT departments, Corporate Services, and at a Chief Executive/Deputy level. 67 individuals participated from 61 unique organisations across the NHS, each of whom will have received a complimentary copy of the findings report. There was no inducement to take part, and Druva was not introduced as the survey partner. The results displayed throughout this report are based on those who fully completed the questionnaire and are displayed as a percentage unless otherwise stated. Page of4 15 Encrypting User Data in the NHS 2016 Acute Community Health Mental Health Clinical Commissioning Groups Other 0 6 12 18 24 Sector Breakdown: Trust Types
Key Findings Whilst 54% state they are ‘very confident’ that their sensitive data is secure, confidence drops when asked whether participants believed their end-users comply with data protection rules (63%) Less than a quarter (21%) felt ‘very confident’ that end-users comply with their data protection rules. Moreover, 13% told us they were ‘not very confident’ in this area. 
 Page of5 15 Encrypting User Data in the NHS 2016 0 25 50 75 100 Very confident Somewhat confident Not very confident Not at all confident Our organisation is able to secure sensitive data on end-user devices Our end-users fully comply with data security policies Question: How confident are you in the following:
40% of survey respondents state that more than half of their staff currently have access to a mobile device for work purposes In addition, half of this group (20% overall) reported that this applied to more than 75% of their staff members. Almost all participants claimed that they had staff members who had access to a mobile device for work purposes (13% told us they did not know). Despite almost all of our survey participants stating that at least a small portion of their staff had access to mobile devices for work purposes, just 69% cited they had a Mobile Device Management solution in place. Page of6 15 Encrypting User Data in the NHS 2016 More than 75% 51 - 75% 26 - 50% 11 - 25% 1 - 10% 0% Don't know 0 5 10 15 20 Question: What percentage of your staff currently uses or has access to a mobile device for work purposes? 11% 20% 69% Yes No Don't know Question: Do you currently have a Mobile Device Management solution deployed for mobile devices across your organisation?
Over three-quarters (77%) were not aware of the use of Cloud applications such as Office 365 or Dropbox in their organisation However, of those who told us they use Cloud applications, just 30% reported that they were able to monitor the sensitive data that is accessed by end-users through these applications. 
 Page of7 15 Encrypting User Data in the NHS 2016 7% 23% 70% Yes No Don't know Question: Currently, does your organisation use cloud applications such as Office 365 or Dropbox? 36% 41% 23% Yes No Don't know Question: Are you able to monitor the sensitive data accessed by end-users through these applications?
Only 25% of survey respondents told us they had a full awareness of new data laws soon to be introduced by the EU under the General Data Protection Regulation (GDPR) A further 54% reported having a limited awareness of the new data laws, whilst almost a quarter (21%) told us they were not at all aware of them. Despite this, 28% reported that their organisation was planning further development of their data security and data protection measures to meet these new requirements. More than half (51%) claimed they needed to do more research into what this entails, whilst just 6% stated they were not planning any developments at all. Page of8 15 Encrypting User Data in the NHS 2016 21% 54% 25% Yes - I am fully aware of this Yes - I have a limited awareness of this No Question: Are you aware of the new data laws soon to be introduced by the European Union under the General Data Protection Regulation (GDPR)? 15% 6% 51% 28% Yes We need to do more research into what this entails No Don't know Question: Is your organisation planning any development within your data security and data protection to meet these new requirements?
Over half (54%) also believe that further understanding of compliance risks would be beneficial to their organisation A quarter (25%) of surveyed participants felt that their organisation didn’t need any further knowledge of data protection at this time, whilst 13% told us they felt they needed a better understanding of how to secure sensitive data to update our strategy in line with new technologies. 
 Page of9 15 Encrypting User Data in the NHS 2016 0 12 24 36 48 60 Question: To what extent do you think having a clearer understanding of compliance risk on end- user systems would benefit your organisation? I feel our organisation needs a better understanding of how to secure sensitive data to update our strategy in line with new technologies Further understanding would be beneficial to us as we review our data protection strategy We don’t feel any further knowledge of data protection is required at this time Other - please specify Don’t know
Conclusion by Rick Powles, Senior Vice President at Druva EMEA The NHS collects and stores massive amounts of sensitive data, much of which contains patient information such as health records and demographic data. As the connectivity of data grows more commonplace across the public sector and organisations begin to adopt mobile and Cloud technologies, NHS organisations must consider the impact that these challenges, along with data legislations put in place by the government, have on their current data protection strategies in order to ensure a high-level of security. This survey examined the data security and encryption strategies currently in place across the sector and how these growing challenges impact their security posture. It revealed that organisations have limited knowledge of new data privacy laws, but that they also recognise the need to better understand compliance issues and the resulting impact upon existing data protection strategies. Protecting sensitive information must remain a top priority for NHS organisations as well as staying informed of not only changes in legislation but tools that can better equip them for the future. Page of10 15 Encrypting User Data in the NHS 2016
Appendix 1: Full Survey Questions Page of11 15 Encrypting User Data in the NHS 2016 Grid Question: How confident are you in the following: Our organisation is able to secure sensitive data (such as patient records, medical data, etc) on end-user devices Answer Percent Very confident 54% Somewhat confident 41% Not very confident 2% Not at all confident 3% Our end-users fully comply with data security policies Answer Percent Very confident 21% Somewhat confident 63% Not very confident 13% Not at all confident 3% Question: What percentage of your staff currently uses or has access to a mobile device for work purposes? Answer Percent 0% 0% 1 - 10% 11% 11 - 25% 18% 26 - 50% 18% 51 - 75% 20% More than 75% 20% Don’t know 13% Question: Do you currently have a Mobile Device Management solution deployed for mobile devices across your organisation? Answer Percent Yes 69% No 20% Don’t know 11%
Page of12 15 Encrypting User Data in the NHS 2016 Question: In terms of a percentage, how many of your organisation’s mobile devices are encrypted? Answer Percent 0% 2% 1 - 10% 3% 11 - 25% 2% 26 - 50% 0% 51 - 75% 8% More than 75% 74% Don’t know 11% Question: On average, how many devices are damaged or lost in your organisation per year? Answer Percent 1 - 10 46% 11 - 20 5% 21 - 30 5% More than 30 10% Don’t know 34% Question: Are there any groups in your organisation most prone to losing mobile devices or subject to theft? Answer Percent Frontline staff, such as administration 3% Nurses 12% Doctors 8% Executives 3% Other - please specify 18% Don’t know 56% Question: Currently, does your organisation use Cloud applications such as Office 365 or Dropbox? Answer Percent Yes 23% No 70% Don’t know 7%
Page of13 15 Encrypting User Data in the NHS 2016 Question: Are you able to monitor the sensitive data accessed by end-users through these applications? Answer Percent Yes 23% No 41% Don’t know 36% Question: Are you aware of the new data laws soon to be introduced by the European Union under the General Data Protection Regulation (GDPR)? Answer Percent Yes - I am fully aware of this 25% Yes - I have limited awareness of this 54% No 21% Question: Is your organisation planning any development within your data security and data protection to meet these new requirements? Answer Percent Yes 28% We need to do more research into what this entails 51% No 6% Don’t know 15% Question: Are you looking to implement a new solution as part of these plans? Answer Percent Yes - within the next 6 months 18% Yes - within the next 12 months 23% Yes - post 12 months 0% Yes - when the GDPR comes into effect 18% We have no plans at this time 18% Don’t know 23%
Page of14 15 Encrypting User Data in the NHS 2016 Question: To what extent do you think having a clearer understanding of compliance risk on end-user systems would benefit your organisation? Answer Percent I feel our organisation needs a better understanding of how to secure sensitive data to update our strategy in line with new technologies 13% Further understanding would be beneficial as we review our data protection strategy 54% We don’t feel any further knowledge of data protection is required at this time 25% Other - please specify 3% Don’t know 5%
Appendix 2: Participating Organisations Page of15 15 Encrypting User Data in the NHS 2016 Bedford Hospital NHS Trust
 Belfast Health and Social Care Trust
 Bristol Community Health CIC
 Cardiff and Vale University Health Board
 Central and North West London NHS Foundation Trust Coventry and Warwickshire NHS Partnership Trust
 Dorset HealthCare University NHS Foundation Trust Gloucestershire Hospitals NHS Foundation Trust
 Health Education Yorkshire and the Humber
 Isle of Wight NHS Trust
 Kings College Hospital NHS Foundation Trust
 Lewisham and Greenwich NHS Trust
 Lincolnshire Partnership NHS Foundation Trust
 Liverpool Heart and Chest Hospital NHS Foundation Trust Locala Community Partnerships
 NEL Commissioning Support Unit
 NHS Coastal West Sussex CCG
 NHS England
 NHS Fareham and Gosport CCG
 NHS Guildford and Waverley Clinical Commissioning Group NHS Kingston CCG
 NHS Lanarkshire
 NHS Liverpool Clinical Commissioning Group
 NHS Newbury and District CCG
 NHS Newcastle Gateshead Clinical Commissioning Group NHS North East Hampshire and Farnham CCG
 NHS Northumberland Clinical Commissioning Group
 NHS Portsmouth CCG
 NHS Sheffield CCG
 NHS Somerset CCG NHS South Devon and Torbay CCG NHS South Eastern Hampshire CCG
 NHS West Essex Clinical Commissioning Group
 NHS West Lancashire CCG
 North of England Commercial Procurement Collaborative North Somerset Community Partnership
 North Staffordshire Combined Healthcare NHS Trust Nottingham University Hospitals NHS Trust
 Oxford University Hospitals NHS Foundation Trust
 Poole Hospital NHS Foundation Trust
 Provide
 Public Health Wales
 Sheffield Teaching Hospitals NHS Foundation Trust Somerset Partnership NHS Foundation Trust
 South Tyneside NHS Foundation Trust
 South West London and St George's Mental Health NHS Trust
 South,Central and West Commissioning Support Unit Southern Health NHS Foundation Trust
 Southport and Ormskirk Hospital NHS Trust
 Sussex Partnership NHS Foundation Trust
 The Dudley Group NHS Foundation Trust
 The Health Informatics Service NHS
 The Royal Liverpool and Broadgreen University Hospitals NHS Trust
 The Royal Surrey County Hospital NHS Foundation Trust UCL Partners Academic Health Science Network University College London Hospitals NHS Foundation Trust University Hospitals Birmingham NHS Foundation Trust Velindre NHS Trust
 West London Mental Health NHS Trust
 Yeovil District Hospital NHS Foundation Trust

More Related Content

PPTX
Part 2 social networking and online searches for screening job candidates final
byshrm
 
PPTX
Part 2 social networking and online searches for screening job candidates final
byshrm
 
PDF
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
byGov BizCouncil
 
PDF
Duty of Care in Federal Agencies
byGov BizCouncil
 
PDF
COVID-19: How Businesses Are Handling the Crisis
bySarah Jackson
 
PDF
2015 Atlanta CHIME Lead Forum
byHealth IT Conference – iHT2
 
PDF
Connected Patient Report
byTrustRobin
 
PDF
PA Data Sharing Survey 2016 POSTED.final
byDyan Tufts-Conrad @dyanconrad
 
Part 2 social networking and online searches for screening job candidates final
byshrm
 
Part 2 social networking and online searches for screening job candidates final
byshrm
 
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
byGov BizCouncil
 
Duty of Care in Federal Agencies
byGov BizCouncil
 
COVID-19: How Businesses Are Handling the Crisis
bySarah Jackson
 
2015 Atlanta CHIME Lead Forum
byHealth IT Conference – iHT2
 
Connected Patient Report
byTrustRobin
 
PA Data Sharing Survey 2016 POSTED.final
byDyan Tufts-Conrad @dyanconrad
 

What's hot

PDF
Ponemon Institute Data Breaches and Sensitive Data Risk
byFiona Lew
 
PDF
Social Media Marketing: India Trends Study 2013
byVikrant Mudaliar
 
PDF
Fourth Annual Benchmark Study on Patient Privacy & Data Security
by- Mark - Fullbright
 
PDF
Fourth Annual Benchmark Study on Patient Privacy & Data Security
by- Mark - Fullbright
 
PDF
Making the Leap: Exploring the Push for Cloud Adoption
byGov BizCouncil
 
PPT
IDC Government Insights - Open Government Initiative Survey
byAri Herzog
 
PPT
“Your Web Site is Their First Impression” Handout
byMichele Affronte
 
PDF
Third Annual Study on Patient Privacy
by- Mark - Fullbright
 
PPTX
Regulatory Concerns When Running Virtual/Paperless Clinical Trials
byTarget Health, Inc.
 
PDF
COVID-19: How Businesses are Handling the Crisis
byPaul Merchan
 
PDF
Vanson Bourne Infographic: Big Data
byVanson Bourne
 
PDF
Study: Employee Expectations Are Changing Due to COVID-19
bySarah Jackson
 
PDF
Report: How Engaged Are Employees During COVID-19?
bySarah Jackson
 
PDF
How eSource Solutions are Impacting Clinical Research Sites, Patients, Regula...
byTarget Health, Inc.
 
PPTX
Idge dell reignite2014 qp #2
byjmariani14
 
PDF
How Big Data Analysis Can Protect You From Fraud
byTrendwise Analytics
 
PDF
Insightful Research: The State of Mobile Application Insecurity
byCasey Lucas
 
PPT
The Security of Electronic Health Information Survey
byloglogic
 
PDF
COVID-19 Patient Confidence Study
byHealthgrades
 
Ponemon Institute Data Breaches and Sensitive Data Risk
byFiona Lew
 
Social Media Marketing: India Trends Study 2013
byVikrant Mudaliar
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
by- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
by- Mark - Fullbright
 
Making the Leap: Exploring the Push for Cloud Adoption
byGov BizCouncil
 
IDC Government Insights - Open Government Initiative Survey
byAri Herzog
 
“Your Web Site is Their First Impression” Handout
byMichele Affronte
 
Third Annual Study on Patient Privacy
by- Mark - Fullbright
 
Regulatory Concerns When Running Virtual/Paperless Clinical Trials
byTarget Health, Inc.
 
COVID-19: How Businesses are Handling the Crisis
byPaul Merchan
 
Vanson Bourne Infographic: Big Data
byVanson Bourne
 
Study: Employee Expectations Are Changing Due to COVID-19
bySarah Jackson
 
Report: How Engaged Are Employees During COVID-19?
bySarah Jackson
 
How eSource Solutions are Impacting Clinical Research Sites, Patients, Regula...
byTarget Health, Inc.
 
Idge dell reignite2014 qp #2
byjmariani14
 
How Big Data Analysis Can Protect You From Fraud
byTrendwise Analytics
 
Insightful Research: The State of Mobile Application Insecurity
byCasey Lucas
 
The Security of Electronic Health Information Survey
byloglogic
 
COVID-19 Patient Confidence Study
byHealthgrades
 

Viewers also liked

PDF
Dr Shahin Malik Reference
byBen B
 
PPTX
Mi Dormitorio
byedeespino
 
PDF
Encrypting User Data in Local Government 2016
byBen B
 
PDF
CV-Stefan Kulas
byStefan Kulaš
 
PPT
Printing services from YC pen
byYuanyuan Chai
 
PPTX
Baird linked Gen Psy opnr
byDavid Katakalos
 
PDF
Meaghan_Crain_Portfolio
byMeaghan Crain
 
PDF
afin_2016_1_10_40014
byHanin Almutairi
 
PPTX
Chapter 1 Introsduction
byEric Aguilar
 
PDF
Looloo fashion-llp
byLooloo Fashion LLP
 
PPTX
How to Sign up with Udyomitra
byUdyomitra
 
PDF
triciity resume 040216 (3)
byLisa Henry
 
PPTX
Review kuliah tamu
byazzanda abdul
 
PPTX
Virtual learning environment (vle) training
byDarren Sibley
 
PDF
56022_Avocent_BookletA5_GB
byBen B
 
PPTX
Vacante promotor de ventas - Guadalajara
byAlejandra Castaño
 
PPTX
Teachers (3)
byAnna Petrova
 
PPTX
Reading and critical thinking
byAnna Petrova
 
PPTX
Положення про щоденник
byAnna Petrova
 
PPTX
VW engineer pleads guilty in emissions cheating scandal
byRachel Zwiener
 
Dr Shahin Malik Reference
byBen B
 
Mi Dormitorio
byedeespino
 
Encrypting User Data in Local Government 2016
byBen B
 
CV-Stefan Kulas
byStefan Kulaš
 
Printing services from YC pen
byYuanyuan Chai
 
Baird linked Gen Psy opnr
byDavid Katakalos
 
Meaghan_Crain_Portfolio
byMeaghan Crain
 
afin_2016_1_10_40014
byHanin Almutairi
 
Chapter 1 Introsduction
byEric Aguilar
 
Looloo fashion-llp
byLooloo Fashion LLP
 
How to Sign up with Udyomitra
byUdyomitra
 
triciity resume 040216 (3)
byLisa Henry
 
Review kuliah tamu
byazzanda abdul
 
Virtual learning environment (vle) training
byDarren Sibley
 
56022_Avocent_BookletA5_GB
byBen B
 
Vacante promotor de ventas - Guadalajara
byAlejandra Castaño
 
Teachers (3)
byAnna Petrova
 
Reading and critical thinking
byAnna Petrova
 
Положення про щоденник
byAnna Petrova
 
VW engineer pleads guilty in emissions cheating scandal
byRachel Zwiener
 

Similar to Encrypting User Data in the NHS 2016

PDF
Health data - Is it safe?
byAlex Beisser MBCS
 
PDF
Review of Data Security, Consent and Opt-Outs
byMohammad Al-Ubaydli
 
PDF
Things you need to know about info governance to sell healthtech products int...
by3GDR
 
PDF
WAY To JOIN REAL ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON 0782561496/075666...
byfikfameicailluminati
 
PDF
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
PDF
how to join real 666 illuminati agent in Kampala Uganda call+256756664682/078...
byfikfameicailluminati
 
PDF
ILLUMINATI UGANDA+256782561496/0756664682
byfikfameicailluminati
 
PDF
REAL ILLUMINATI AGENT IN KAMPALA CALL+256782561496/0756664682
byfikfameicailluminati
 
PDF
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
PDF
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
PDF
JOINING ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON WHATSAPP+256782561496/0756...
byfikfameicailluminati
 
PDF
REAL ILLUMINATI AGENT CALL ON+256782561496/0756664682
byfikfameicailluminati
 
PDF
Dave Taylor
byLucia Garcia
 
PPT
Electronic Health Records - Privacy Concerns, by Phil Booth (National Coordin...
byColin Mitchell
 
PDF
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
byAndi Robinson
 
PDF
TPP Finance Seminar 6th October 2016
byTPP Recruitment
 
PDF
Data Privacy Program – a customized solution for the new EU General Regulatio...
byIAB Bulgaria
 
PPTX
Providing support and services for researchers in good data governance
byRobin Rice
 
DOCX
ScienceDirectAvailable online at www.sciencedirect.com
bydaniatrappit
 
PDF
Natalie banner
byHIQAHIS
 
Health data - Is it safe?
byAlex Beisser MBCS
 
Review of Data Security, Consent and Opt-Outs
byMohammad Al-Ubaydli
 
Things you need to know about info governance to sell healthtech products int...
by3GDR
 
WAY To JOIN REAL ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON 0782561496/075666...
byfikfameicailluminati
 
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
how to join real 666 illuminati agent in Kampala Uganda call+256756664682/078...
byfikfameicailluminati
 
ILLUMINATI UGANDA+256782561496/0756664682
byfikfameicailluminati
 
REAL ILLUMINATI AGENT IN KAMPALA CALL+256782561496/0756664682
byfikfameicailluminati
 
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
Real illuminati agent in Kampala Uganda call WhatsApp number on0782561496/075...
byfikfameicailluminati
 
JOINING ILLUMINATI AGENT IN KAMPALA UGANDA CALL ON WHATSAPP+256782561496/0756...
byfikfameicailluminati
 
REAL ILLUMINATI AGENT CALL ON+256782561496/0756664682
byfikfameicailluminati
 
Dave Taylor
byLucia Garcia
 
Electronic Health Records - Privacy Concerns, by Phil Booth (National Coordin...
byColin Mitchell
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
byAndi Robinson
 
TPP Finance Seminar 6th October 2016
byTPP Recruitment
 
Data Privacy Program – a customized solution for the new EU General Regulatio...
byIAB Bulgaria
 
Providing support and services for researchers in good data governance
byRobin Rice
 
ScienceDirectAvailable online at www.sciencedirect.com
bydaniatrappit
 
Natalie banner
byHIQAHIS
 

Encrypting User Data in the NHS 2016

  • 1.
    Encrypting User Datain the NHS Survey Report 2016 Survey Partners
  • 2.
    Contents The Survey 3 SurveyMethodology and Respondents Profile 4 Key Findings 5 Conclusion 10 Appendix 1: Full Survey Questions 11 Appendix 2: Participating Organisations 15 Page of2 15 Encrypting User Data in the NHS 2016 Acknowledgements The survey team at iGov Survey would like to take this opportunity to thank all of those who were kind enough to take part - and especially to those who found the time to offer additional insight through their extra comments. We would also like to thank our partner, Druva, for their assistance in compiling the survey questions, scrutinising the responses and analysing the results. Encrypting User Data in the NHS 2016 © copyright Unless explicitly stated otherwise, all rights including those in copyright in the content of this publication are owned by or controlled for these purposes by iGov Survey. Except as otherwise expressly permitted under copyright law or iGov Survey’s Terms of Use, the content of this publication are owned by or controlled may not be copied, reproduced, republished, downloaded, posted, broadcast or transmitted in any way without first obtaining iGov Survey’s written permission or that of the copyright owner. To contact the iGov or Exec Survey team: Email: dcross@ingenium-ids.org Tel: 0845 094 8567 Address: FAO David Cross, Ingenium IDS Ltd, Mansion House, Wellington Road South, Stockport, Cheshire, SK1 3UA
  • 3.
    The Survey Mass amountsof sensitive data are collected, updated and stored across the NHS every day, and much of this data often concerns patient information, including demographic data and health records. This means that while organisations face pressure within the public sector to follow government legislation, they also face the growing concerns of the public as data transparency and connectivity becomes more commonplace. In late 2015, the Information Commissioner’s Office (ICO) published the findings of a study entitled ‘Data security incident trends’ that reported a brief analysis of their most1 recent cases (559). It found that almost half of reported cases (278) in the second quarter of the 2015/16 year (July to September 2015) originated in the health sector. Worryingly, this showed a 44% rise from the previous quarter (193), though the ICO do note that this is in-line with the overall increase in data security incidents when compared to the previous quarter. It also notes that the increase could in part be attributed to a change in the way the NHS handles data security incidents, as it is now mandatory to report them. The analysis highlighted two distinct issues regarding data security within the health sector; the loss and theft of paperwork (27% of health sector incidents) and data being posted or faxed to the incorrect recipient (23%). As the connectivity of data grows more commonplace across the public sector and organisations begin to adopt new technologies such as mobile and cloud, the threat of data breaches increases. While the NHS battles against tough budget constraints, their patients expect a consistently high-level of security. To meet this challenge, strategies put in place must balance the need to create more efficient ways of working with effective security. With this in mind, iGov Survey have now teamed with the fastest growing cloud-based data protection provider, Druva, to further understand the barriers that NHS organisations face, and benefits meeting this challenge brings to the sector. With large amounts of data now being stored in a variety of locations such as endpoints and the Cloud, Druva and iGov launched a research project to examine the data security and encryption strategies currently in place across the sector. It looked at the use of mobile devices, along with online and cloud applications, and the security concerns that were realised due to the use of these technologies. Finally, it also considered the impact of data legislation put in place by government, and the bearing it has on the strategies currently being used. https://ico.org.uk/action-weve-taken/data-security-incident-trends/1 Page of3 15 Encrypting User Data in the NHS 2016
  • 4.
    Survey Methodology and RespondentsProfile This survey was conducted by iGov Survey in collaboration with Druva, and ran from 3rd November 2015 to 21st December 2015. iGov Survey, a research body comprising of an independent team of public sector experts, partnered with Druva on the project and all views and results expressed within this report are from iGov’s impartial view point unless explicitly stated otherwise. Survey respondents represent a broad cross-section of seniority levels across NHS organisations, and job roles include those working with IT departments, Corporate Services, and at a Chief Executive/Deputy level. 67 individuals participated from 61 unique organisations across the NHS, each of whom will have received a complimentary copy of the findings report. There was no inducement to take part, and Druva was not introduced as the survey partner. The results displayed throughout this report are based on those who fully completed the questionnaire and are displayed as a percentage unless otherwise stated. Page of4 15 Encrypting User Data in the NHS 2016 Acute Community Health Mental Health Clinical Commissioning Groups Other 0 6 12 18 24 Sector Breakdown: Trust Types
  • 5.
    Key Findings Whilst 54%state they are ‘very confident’ that their sensitive data is secure, confidence drops when asked whether participants believed their end-users comply with data protection rules (63%) Less than a quarter (21%) felt ‘very confident’ that end-users comply with their data protection rules. Moreover, 13% told us they were ‘not very confident’ in this area. 
 Page of5 15 Encrypting User Data in the NHS 2016 0 25 50 75 100 Very confident Somewhat confident Not very confident Not at all confident Our organisation is able to secure sensitive data on end-user devices Our end-users fully comply with data security policies Question: How confident are you in the following:
  • 6.
    40% of surveyrespondents state that more than half of their staff currently have access to a mobile device for work purposes In addition, half of this group (20% overall) reported that this applied to more than 75% of their staff members. Almost all participants claimed that they had staff members who had access to a mobile device for work purposes (13% told us they did not know). Despite almost all of our survey participants stating that at least a small portion of their staff had access to mobile devices for work purposes, just 69% cited they had a Mobile Device Management solution in place. Page of6 15 Encrypting User Data in the NHS 2016 More than 75% 51 - 75% 26 - 50% 11 - 25% 1 - 10% 0% Don't know 0 5 10 15 20 Question: What percentage of your staff currently uses or has access to a mobile device for work purposes? 11% 20% 69% Yes No Don't know Question: Do you currently have a Mobile Device Management solution deployed for mobile devices across your organisation?
  • 7.
    Over three-quarters (77%)were not aware of the use of Cloud applications such as Office 365 or Dropbox in their organisation However, of those who told us they use Cloud applications, just 30% reported that they were able to monitor the sensitive data that is accessed by end-users through these applications. 
 Page of7 15 Encrypting User Data in the NHS 2016 7% 23% 70% Yes No Don't know Question: Currently, does your organisation use cloud applications such as Office 365 or Dropbox? 36% 41% 23% Yes No Don't know Question: Are you able to monitor the sensitive data accessed by end-users through these applications?
  • 8.
    Only 25% ofsurvey respondents told us they had a full awareness of new data laws soon to be introduced by the EU under the General Data Protection Regulation (GDPR) A further 54% reported having a limited awareness of the new data laws, whilst almost a quarter (21%) told us they were not at all aware of them. Despite this, 28% reported that their organisation was planning further development of their data security and data protection measures to meet these new requirements. More than half (51%) claimed they needed to do more research into what this entails, whilst just 6% stated they were not planning any developments at all. Page of8 15 Encrypting User Data in the NHS 2016 21% 54% 25% Yes - I am fully aware of this Yes - I have a limited awareness of this No Question: Are you aware of the new data laws soon to be introduced by the European Union under the General Data Protection Regulation (GDPR)? 15% 6% 51% 28% Yes We need to do more research into what this entails No Don't know Question: Is your organisation planning any development within your data security and data protection to meet these new requirements?
  • 9.
    Over half (54%)also believe that further understanding of compliance risks would be beneficial to their organisation A quarter (25%) of surveyed participants felt that their organisation didn’t need any further knowledge of data protection at this time, whilst 13% told us they felt they needed a better understanding of how to secure sensitive data to update our strategy in line with new technologies. 
 Page of9 15 Encrypting User Data in the NHS 2016 0 12 24 36 48 60 Question: To what extent do you think having a clearer understanding of compliance risk on end- user systems would benefit your organisation? I feel our organisation needs a better understanding of how to secure sensitive data to update our strategy in line with new technologies Further understanding would be beneficial to us as we review our data protection strategy We don’t feel any further knowledge of data protection is required at this time Other - please specify Don’t know
  • 10.
    Conclusion by Rick Powles,Senior Vice President at Druva EMEA The NHS collects and stores massive amounts of sensitive data, much of which contains patient information such as health records and demographic data. As the connectivity of data grows more commonplace across the public sector and organisations begin to adopt mobile and Cloud technologies, NHS organisations must consider the impact that these challenges, along with data legislations put in place by the government, have on their current data protection strategies in order to ensure a high-level of security. This survey examined the data security and encryption strategies currently in place across the sector and how these growing challenges impact their security posture. It revealed that organisations have limited knowledge of new data privacy laws, but that they also recognise the need to better understand compliance issues and the resulting impact upon existing data protection strategies. Protecting sensitive information must remain a top priority for NHS organisations as well as staying informed of not only changes in legislation but tools that can better equip them for the future. Page of10 15 Encrypting User Data in the NHS 2016
  • 11.
    Appendix 1: FullSurvey Questions Page of11 15 Encrypting User Data in the NHS 2016 Grid Question: How confident are you in the following: Our organisation is able to secure sensitive data (such as patient records, medical data, etc) on end-user devices Answer Percent Very confident 54% Somewhat confident 41% Not very confident 2% Not at all confident 3% Our end-users fully comply with data security policies Answer Percent Very confident 21% Somewhat confident 63% Not very confident 13% Not at all confident 3% Question: What percentage of your staff currently uses or has access to a mobile device for work purposes? Answer Percent 0% 0% 1 - 10% 11% 11 - 25% 18% 26 - 50% 18% 51 - 75% 20% More than 75% 20% Don’t know 13% Question: Do you currently have a Mobile Device Management solution deployed for mobile devices across your organisation? Answer Percent Yes 69% No 20% Don’t know 11%
  • 12.
    Page of12 15Encrypting User Data in the NHS 2016 Question: In terms of a percentage, how many of your organisation’s mobile devices are encrypted? Answer Percent 0% 2% 1 - 10% 3% 11 - 25% 2% 26 - 50% 0% 51 - 75% 8% More than 75% 74% Don’t know 11% Question: On average, how many devices are damaged or lost in your organisation per year? Answer Percent 1 - 10 46% 11 - 20 5% 21 - 30 5% More than 30 10% Don’t know 34% Question: Are there any groups in your organisation most prone to losing mobile devices or subject to theft? Answer Percent Frontline staff, such as administration 3% Nurses 12% Doctors 8% Executives 3% Other - please specify 18% Don’t know 56% Question: Currently, does your organisation use Cloud applications such as Office 365 or Dropbox? Answer Percent Yes 23% No 70% Don’t know 7%
  • 13.
    Page of13 15Encrypting User Data in the NHS 2016 Question: Are you able to monitor the sensitive data accessed by end-users through these applications? Answer Percent Yes 23% No 41% Don’t know 36% Question: Are you aware of the new data laws soon to be introduced by the European Union under the General Data Protection Regulation (GDPR)? Answer Percent Yes - I am fully aware of this 25% Yes - I have limited awareness of this 54% No 21% Question: Is your organisation planning any development within your data security and data protection to meet these new requirements? Answer Percent Yes 28% We need to do more research into what this entails 51% No 6% Don’t know 15% Question: Are you looking to implement a new solution as part of these plans? Answer Percent Yes - within the next 6 months 18% Yes - within the next 12 months 23% Yes - post 12 months 0% Yes - when the GDPR comes into effect 18% We have no plans at this time 18% Don’t know 23%
  • 14.
    Page of14 15Encrypting User Data in the NHS 2016 Question: To what extent do you think having a clearer understanding of compliance risk on end-user systems would benefit your organisation? Answer Percent I feel our organisation needs a better understanding of how to secure sensitive data to update our strategy in line with new technologies 13% Further understanding would be beneficial as we review our data protection strategy 54% We don’t feel any further knowledge of data protection is required at this time 25% Other - please specify 3% Don’t know 5%
  • 15.
    Appendix 2: ParticipatingOrganisations Page of15 15 Encrypting User Data in the NHS 2016 Bedford Hospital NHS Trust
 Belfast Health and Social Care Trust
 Bristol Community Health CIC
 Cardiff and Vale University Health Board
 Central and North West London NHS Foundation Trust Coventry and Warwickshire NHS Partnership Trust
 Dorset HealthCare University NHS Foundation Trust Gloucestershire Hospitals NHS Foundation Trust
 Health Education Yorkshire and the Humber
 Isle of Wight NHS Trust
 Kings College Hospital NHS Foundation Trust
 Lewisham and Greenwich NHS Trust
 Lincolnshire Partnership NHS Foundation Trust
 Liverpool Heart and Chest Hospital NHS Foundation Trust Locala Community Partnerships
 NEL Commissioning Support Unit
 NHS Coastal West Sussex CCG
 NHS England
 NHS Fareham and Gosport CCG
 NHS Guildford and Waverley Clinical Commissioning Group NHS Kingston CCG
 NHS Lanarkshire
 NHS Liverpool Clinical Commissioning Group
 NHS Newbury and District CCG
 NHS Newcastle Gateshead Clinical Commissioning Group NHS North East Hampshire and Farnham CCG
 NHS Northumberland Clinical Commissioning Group
 NHS Portsmouth CCG
 NHS Sheffield CCG
 NHS Somerset CCG NHS South Devon and Torbay CCG NHS South Eastern Hampshire CCG
 NHS West Essex Clinical Commissioning Group
 NHS West Lancashire CCG
 North of England Commercial Procurement Collaborative North Somerset Community Partnership
 North Staffordshire Combined Healthcare NHS Trust Nottingham University Hospitals NHS Trust
 Oxford University Hospitals NHS Foundation Trust
 Poole Hospital NHS Foundation Trust
 Provide
 Public Health Wales
 Sheffield Teaching Hospitals NHS Foundation Trust Somerset Partnership NHS Foundation Trust
 South Tyneside NHS Foundation Trust
 South West London and St George's Mental Health NHS Trust
 South,Central and West Commissioning Support Unit Southern Health NHS Foundation Trust
 Southport and Ormskirk Hospital NHS Trust
 Sussex Partnership NHS Foundation Trust
 The Dudley Group NHS Foundation Trust
 The Health Informatics Service NHS
 The Royal Liverpool and Broadgreen University Hospitals NHS Trust
 The Royal Surrey County Hospital NHS Foundation Trust UCL Partners Academic Health Science Network University College London Hospitals NHS Foundation Trust University Hospitals Birmingham NHS Foundation Trust Velindre NHS Trust
 West London Mental Health NHS Trust
 Yeovil District Hospital NHS Foundation Trust