Archive for the ‘Data Protection’ Category

South London Trust loss of 630 patient details

Tuesday, April 17th, 2012

South London Healthcare Trust has admitted to two separate incidents in which unencrypted memory sticks containing patient information were lost by employees.

The first incident was the loss of a device containing the details of 600 maternity patients, and the second involved a device containing the names and dates of birth of 30 children along with a number of full audiology reports.

The Trust asserts that the events can be attributed to staff not receiving up-to-date information governance training. It states that, as a result, its employees were unaware that an encrypted device issued by the data controller should have been used.

The Information Commissioner’s Office (ICO) stated that whilst both were eventually recovered and external access to the information was unlikely, the incidents put patient information at “unnecessary risk”.

According to the ICO, there were also a further two incidents at the trust, but these related to data breaches involving paper files.

The Trust has now agreed to encrypt portable and mobile devices including laptops and other portable media used to store and transmit personal data. It has also pledged to make sure that staff are appropriately trained and made aware of the data controller’s policy for the retention, storage and use of personal data.

In order to comply with ICO standards, Trusts must ensure they have the correct systems in place to assist clinicians in capturing and sharing information to a high level without compromising safety. Therapy Manager is an Electronic Patient Record (EPR) system which captures every element of the patient journey from Referral through to Discharge. Access is password controlled and gives managers the ability to restrict access rights to different data and functions within the EPR. Furthermore, every intervention is time and date stamped against the clinician who performed each action, ensuring a fully audit-able trail of who is responsible for the printing or downloading of patient information.

Original Source: The Register

About Pathway Software

Pathway Software (www.pathwaysoftware.com) specialises in the design and development of patient information systems for Allied Health professionals.

Its flagship product, Therapy Manager, is an Electronic Patient Record (EPR) system specifically designed for Therapy Services to provide decision makers with the ability to track and manage clinical activity and analyse cost of care by patient, episode or service. The system also demonstrably reduces administration time and the costs of managing Therapy Services.

Further loss of 160 unencrypted patient details

Friday, January 20th, 2012

A care provider is reported to have lost a memory stick that held sensitive personal information about patients from Northern Ireland and the Isle of Man.

It has been revealed that the memory stick was unencrypted and contained sensitive information relating to patients’ care and their mental health.

Praxis Care Limited is thought to have lost the material in August 2010 but the details have only just publicly emerged. The memory stick, which was lost on the Isle of Man, contained information about 107 residents and 53 patients in Northern Ireland. All of those whose information was on the memory stick have now been informed.

The Information Commissioner’s Office (ICO) has warned the provider that the incident has breached the Data Protection Act, and has ordered it as a consequence to improve its procedures.

Since the loss, the company asserts that it now ensures that all portable devices are encrypted, and it has reportedly updated its method of disposing of sensitive material.

Christopher Graham, the UK Information Commissioner, labelled the incident “unacceptable”, adding that the memory stick was surplus to requirements as some of the patient details stored on the device were out of date. He asserts that the ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries.

Commenting on the incident, Praxis Care said they were confident that by increasing security and encrypting information, the risk of future information loss will be greatly reduced.

In order to comply with ICO standards, Trusts must ensure they have the correct systems in place to assist clinicians in capturing and sharing information to a high level without compromising safety. Therapy Manager is an Electronic Patient Record (EPR) system which captures every element of the patient journey from Referral through to Discharge. Access is password controlled and gives managers the ability to restrict access rights to different data and functions within the EPR. Furthermore, every intervention is time and date stamped against the clinician who performed each action, ensuring a fully audit-able trail of who is responsible for the printing or downloading of patient information.

Original Source: BBC News

ICO request compulsory audit powers

Friday, December 16th, 2011

The Information Commissioner’s Office (ICO) has submitted an official request to the Ministry of Justice (MoJ) for the right to carry out compulsory data audits of NHS and local government authorities in order to help prevent data breaches.

The announcement comes as the government released data revealing that over 1,000 security breaches had occurred at local authorities since 2008. The document highlighted a number of instances where the ICO had issued fines or made authorities sign undertakings after it was made aware of data breaches, stating this as “proof the current system isn’t working”.

The ICO states that there are “significant and widespread data protection compliance concerns” in the NHS and local government. The nature of these organisations means that data controllers in these sectors are managing huge quantities of complex and sensitive personal data which is often shared on a wide scale and between numerous systems. It is because of this that the likelihood of data breaches is vastly increased.

Due to the high probability of data breaches in the NHS, the ICO states that it is “vital” that they are given the power to carry out audits before any incidents occur. They state that simply relying on Trusts to agree to an audit is insufficient.

“The value of the audit process is clearly illustrated and the extension of the assessment notice power will provide a clear basis for the information commissioner to improve data protection compliance in these areas of significant risk” the ICO states.

The ICO has simultaneously issued an update to its cookie guidance and warned businesses that they must do more to prepare for the new law or risk possible fines in 2012. The amendment to the ePrivacy Directive requires Trusts using cookies that gather data on visitors’ behaviour and remember their preferences to obtain “prior consent” before installing and running the technology.

Stewart Room, a Data Protection Lawyer, said “The ICO’s case for compulsory audit powers for the NHS and local authorities makes sense because these organisations have been regular offenders in cases of data mishandling”. In order to be truly effective, however, he states that the ICO will need to obtain the trust and confidence of data controllers.

In order to comply with ICO standards, Trusts must ensure they have the correct systems in place to assist clinicians in capturing and sharing information to a high level without compromising safety. Therapy Manager is an Electronic Patient Record (EPR) system which captures every element of the patient journey from Referral through to Discharge. Access is password restricted and gives managers the ability to restrict access rights to different aspects of patient EPRs. Furthermore, every intervention is time and date stamped against the clinician who performed each action, ensuring a fully audit-able trail of who is responsible for the printing or downloading of patient information.

Original Source: V3

NHS staff breach data confidentiality daily

Friday, November 4th, 2011

A recent report has revealed that NHS staff breached data protection policies five times a week on average over the past three years, with some posting patient information on Facebook.

The privacy campaign group Big Brother Watch used Freedom of Information Act requests to reveal at least 806 separate incidents at 152 NHS Trusts in which patient medical records were compromised over this three-year period.

44 Trusts did not respond to the information request and 55 provided a partial response or refused to release the information, with some citing data protection issues. The writers said that this was “unacceptable”, citing that “it is questionable at best for trusts to use the Data Protection Act to withhold details of data breaches when those NHS employees involved have failed to show the same respect for the privacy of patients or the law.”

Patient information was posted on social networking sites in 23 incidents, including one at Nottingham University Hospital NHS Trust in which a medical staff member posted a picture of a patient on Facebook. In 129 cases, NHS staff were found to be accessing or disclosing the medical details of a colleague or family member. Another 57 incidents involved confidential information being stolen, lost or left behind by staff where paper records, laptops and memory sticks were involved.

Many of the problems involved paper records, which were not adequately concealed or secured, implying that they were not protected from access by those with insufficient permissions. In February, records relating to the treatment of 18 patients of the Coventry and Warwickshire NHS Trust were found in a communal waste bin at a residential apartment block. In May, a member of the public found details of a patient’s sensitive medical procedures and test results in a bin outside Coventry University Hospital.

102 NHS staff members were dismissed as a result of the breaches.

Big Brother Watch Director Nick Pickles said the research highlighted that the NHS was failing to ensure confidential patient information is protected. “The information held in medical records is of huge personal significance and these cases represent serious infringements on patient privacy,” he said.

An Information Commissioner’s Office (ICO) spokesman said the ICO recently issued a joint letter with NHS chief executive, Sir David Nicholson, warning the health service about the importance of complying with the Act.

“We continue to work with organisations from across the NHS to improve the security of patients’ information and will consider taking action where it is clear that an organisation has failed to meet its legal obligations,” he said.

In order to ensure that security breaches do not occur, Trusts must ensure they have the correct systems in place to assist clinicians in capturing and sharing information to a high level without compromising safety. Therapy Manager is an Electronic Patient Record (EPR) system which captures every element of the patient journey from Referral through to Discharge. Access is password restricted and gives managers the ability to restrict access rights to different aspects of the patient EPR. Furthermore, every intervention is time and date stamped against the clinician who performed each action, ensuring a fully audit-able trail of who is responsible for the printing or downloading of patient information.

Original Source: eHealth Insider

Reducing Security Breaches of NHS Information

Monday, October 31st, 2011

Examples of security breaches of protected NHS information are rarely far from the news, whether they concern electronic or paper patient records. The Information Commissioner’s Office (ICO) recently criticised the NHS over the latest round of data losses, which saw the loss of 887 patient details across two Trusts attributed to misplaced, unencrypted memory sticks, and the accidental destruction of 10,000 paper health records at another.

The ICO have stated that to reduce the number of unintentional data infractions, standards must be adhered to which promote the use of:

  • Secure, password protected accounts
  • Full accountability and audit-ability of notes
  • Restricted access to sensitive information

Secure, password protected accounts

Whilst the increasing digitisation of patient information is unavoidable in today’s increasingly efficiency-orientated NHS climate, Trusts must ensure they have the correct systems in place to assist clinicians in capturing and sharing information to a high level without compromising safety.

Alongside Trust accounts and secure NHS mail, it is imperative that all systems containing confidential patient information are password-protected, and that information cannot be directly loaded onto an external storage device.

Therapy Manager ensures that patient information is only accessible through secure, password protected accounts, and in accordance with NHS guidelines, passwords are changed every 6 weeks.

Full accountability and audit-ability of notes

Low staff awareness of the potential pitfalls of transferring patient data is thought to be a major contributing factor to data breaches, and despite Trust policies and training incentives, it can often be difficult to ensure staff are properly trained and held fully accountable.

The ICO attribute security breaches to the use of “work arounds” such as generic logins or account sharing, meaning that there may be less emphasis placed on individual responsibility.

Using Therapy Manager, every aspect of the patient record is time and date stamped against the individual clinician that created it, ensuring that there is a fully audit-able trail. Heads of Service also have the ability to use Therapy Manager’s suite of robust reporting tools to determine exactly which patient records were printed and by whom.

Clinicians using Therapy Manager’s secure offline Laptop Download capacity to transport notes for community and domiciliary care are also recorded, along with exactly which records have been downloaded and how long they have been “checked out” for.

Restricted access to sensitive information

Some patient records may contain potentially sensitive information which only certain individuals may have the rights to access. Restricting access can also be used to facilitate patient choice, as patients may have specific requests about who is able to access their records, or in sensitive cases surrounding issues such as child protection.

Using Therapy Manager, Therapy Heads of Service have the ability to restrict rights to different aspects of the patient EPR, granting access to only higher level clinicians who are directly involved in patient care.

Copyright © 2011 Pathway Software. All rights reserved.