The document discusses challenges with information sharing across health and social care systems in the UK, including different data formats, lack of integration, and lack of trust. It describes a project by Symphonic Software to deliver a governance layer for the London Digital Programme, which aims to allow the 7,000 organizations involved in patient care in London to access patient records while meeting data controller agreements and patient consent preferences. The governance layer will provide policy translation, identity management, and automated generation of information sharing policies to improve integrated care.
1. Trust and Governance in
Health and Social Care
Prof William J Buchanan
Twitter: @billatnapier
Web: http://asecuritysite.com
http://thecyberacademy.org
3. Barriers to Information Sharing
Records are
often static
Different
systems/
formatting
used for data
Limited/
difficult access
methods …
lack of trust
Lack of
integration
between health
and social
care
Lack of
integration with
carers, trusted
people and
families
Requirements
for 24/7 support
with real-time
response
Data often
aggregated
and context is
often lost
Strong demand
to consume
health/social
care data
Lack of
information
sharing across the
public sector
Poor access
control to data
Societal
Technical
5. Risk Assessors
Health Care
Data
Social Care
Data
Education
Data
Police
Data
Child at
Risk
Records:
Child’s Action Plan
Risk Assessors:
Posted Concerns
Attendance Records
Health Problems
Crime Trace
Named Person
Trust Access to Action Plan
for the Required Time Limit
Health Care
Data
Social Care
Data
Education
Data
Police
Data
Strong Governance
Infrastructure
Health/
Social Care
Records:
Personal Health Record
Risk Assessors:
Frailty Index
Early Warning Score
Appointments Missed
Named Person (GP)
Possible Trust Access to parts of
the Electronic Health Record
Rights granted
6. Information Sharing
Human
Trust
Digital
Trust
Identity
Rights Health/Social
Services
Strong
Governance
Education
Health Care
Police/Law
Enforcement
Social Care
Translation of rights
Translation of identities
Strong Governance Policy
Infinite
possiblities
Primary
Health Care
(role-based)
Secondary
Health Care
(role-based)
Assisted Living (Circle of
Trust)
Family might ask: Who are the
people responsible the action plan?
GP might ask: How often does the team
meet to discuss the child?
Social Care might ask: When is the
next formal review of the case?
9. Translation Gateway
Governance Policy
Health and Social Car
Domain
Governance
Policy
Translation
Gateway
Domain Ontology,
Roles, and Well-
managed Services
Exposed
Data eleme
Law Enforcement
Domain
Domain
Ontology, Roles,
and Services
Exposed
Data elements
Human Readable Policy
defined for access
(based on role,
relationship and identity)
Roles
Federated Identity Attribute,
and Relationship
Management
[Unit]
[Dept]
Domain Ontology
11. Governance and Trust
Police/Law
Enforcement
Social Care
Governance Policy
Translation
Gateway
Governance
model
Translator of roles,
services, and rights
Governance Policy
Translation
Gateway
Automated generation
Information
Sharing Policy
Document
Real-time
implementation
15. London Data Sharing
Prof William J Buchanan
Twitter: @billatnapier
Web: http://asecuritysite.com
http://thecyberacademy.org
16. London Digital Programme
• London Digital Programme – As part of Healthy
London initiative, the Health and Social Care
ecosystem in London is piloting new ways to
provide a data sharing environment to allow the
7,000 diverse organisation involved in patient care
to access patient records. Symphonic Software is
delivering the key governance layer to this
important programme to ensure that any data
access meets with data controller agreements,
which codify the inter-organisational rules for
patient data access, and also allowing citizens to
express their own data sharing preferences.
23. Background
• Five years academic research motivated by Caldicott
Report
• Software to improve patient care through
trusted data sharing:
• Across organisation & application boundaries
• Using trust-based access models
• Protecting patient information
• With built-in information governance
• Patient consent and preference
• Aligning IT and service delivery in data security
25. Implementing Data Sharing
• Capture landscape
• Who – “users” of the ecosystem
• What – to-be-shared data and resources
• Policies – Data Sharing Agreements
• Define Policies & Data Ownership
• Organisation
• Patient Consent
• Management Reporting
• Rights
• Usage
• Policy Change
26. Define who has access
• Different domains
• Different organisational structures
• Capture End points and synchronisation
27. Define data and services
• Different domains
• Different technologies
• Define endpoints and access methods
32. Define basic policy
• Business User driven (Data Controller)
• API suite for policy management by user apps
33. Define advanced policy
• Capture advanced policy requirements
• Time, Geo, device type, IP Address etc
34. Management Reporting
• Full set of management reports
• User Entitlements
• Access reporting
• Permits
• Denies
• Policy Changes
• Information “obligations” on access; SMS, email,
etc
• Meets compliance and regulatory needs
• Aligned to Data Sharing Agreements
35. Trust and Governance in
Health and Social Care
Prof William J Buchanan
Twitter: @billatnapier
Web: http://asecuritysite.com
http://thecyberacademy.org