NHS organisations rightly place a high level of importance on maintaining the security and integrity of the data within their systems. As a supplier of systems to NHS organisations we take a similar view of the importance of data security.
Within the context of the NHS, and those working on behalf of it, the framework for handling information securely and confidentially is known as Information Governance (IG). IG allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently and effectively in order to deliver the best possible healthcare and services. We tend to think of data security as relating to electronic information, but with so much NHS information still paper-based, any IG practices must also consider the safety and security of paper records.
Information Governance covers system and process management, records management, data quality and data protection. It should also encompass the controls needed to ensure that, if information is shared either internally or externally to the organisation, this is done securely while maintaining confidentiality, and that any sharing observes the needs of both the organisation providing services and the people it serves.
We put the work in
The legal framework governing the use of personal confidential data in healthcare is complex. It includes:
- NHS Act 2006
- Health and Social Care Act 2012
- UK Data Protection Act 2018
- UK General Data Protection Regulation 2016 (GDPR)
- Human Rights Act.
To verify our awareness of, and compliance with, NHS Information Governance standards, the Infotex Systems team annually completes the Data Security and Protection (DSP) Toolkit, formerly known as the Information Governance toolkit. This is an online self-assessment tool that any organisation with access to NHS patient data and systems must complete. In fact, we exceeded the standards required for our 2022/23 assessment (2023-24 is due to start very soon). The DSP Toolkit is similar to the Cyber Essentials Plus accreditation also held by Infotex, but has a specific focus on requirements for NHS organisations.
The DSP Toolkit measures an organisation against 10 data security standards defined by the National Data Guardian. The standards cover a wide range of data security topics, including the importance of ensuring that personal confidential data is handled, stored and transmitted securely, enforcing regular staff training, and ensuring that staff have the appropriate level of access to data for their role based on the principle of least privilege. At the end of the self-assessment process, an organisation has its compliance data published on the DSP Toolkit website to show how it is complying with the 10 standards.
Our Credentials
As well as maintaining our processes and procedures to comply with NHS requirements, the Infotex Systems team ensures that any systems that we build and deliver also follow these same standards. We apply the same standards to systems we build for both NHS and non-NHS customers to ensure the highest standards of information security for all of our customers.