Free Newsletter
Register for our Free Newsletters
Analysis, Inspection and Laboratory
Assisted/Independent Living
Clinical and Nursing Equipment
Design and Manufacture of Medical Equipment
Diagnostics Equipment, Monitoring and Test
Education, Training and Professional Services
Health Education and Patient Management
Health Estates Management
Healthcare Support and Information Services
Hygiene and Infection Control
IT and Communications in Healthcare
Medical Device Technology
Research and Development
Safety and Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Health Zone
Pro Security Zone
Web Lec
Pro Engineering Zone

IT and Communications in Healthcare - Managing Information

Iron Mountain : 21 April, 2011  (Special Report)
FOCUS ZONE REPORT - ICO issues health warning to care sector for data breaches: Fewer things are more private and personal than medical records suggests Christian Toon, Head of Information Risk at Iron Mountain, so it is not surprising that the Information Commissioner's Office (ICO) is putting its foot down when it comes to health care data breaches.

Following changes to the law, the ICO is able to issue monetary penalties of up to £500,000 to organisations found to be in breach of the Data Protection Act 1998. Although the health sector has so far escaped financial punishment, a press release issued by the ICO on 11 April 2011 publicly named two health care organisations that were found to be in breach of the act.

In the first case, NHS Liverpool Community Health had lost the medical histories of 31 children and their mothers during a premises move. In the second, the Council for Healthcare Regulatory Excellence could not find sensitive files and did not know if they had been received, lost or destroyed. The ICO took this opportunity to remind heath care organisations of the importance of having secure document management processes in place. The ICO annual Data Protection Conference on the 8th March 2011 also hinted that a Healthcare organisation is due to receive a monetary penalty notice shortly.

All public sector organisations handle sensitive data, but the health service in particular needs to ensure that it has robust policies and processes in place for managing, storing and tracking information, and that its staff is trained to use these processes. This is not just good practice; patients have a right to expect that information about them is handled with care and security, and that someone knows where data is kept and why, as well as how to get the data back when it is needed.

The health service faces similar information-management challenges to other public sector organisations, but the sensitivity of the data within the health service means that the spotlight is being turned on them more harshly. At the same time it is becoming increasingly difficult for large health care organisations to keep track of where and how data is being stored, and with whom it is being shared.

Information is particularly vulnerable when it changes hands. Therefore, the difficulties for the information and risk managers are heightened when multiple suppliers are used to service the different stages of the information cycle, such as using one supplier for transportation, another for storage and yet a third for destruction. It is therefore important to implement a system that combines the security and traceability of digital information with the resilience of paper records. An effective way to do this would be to use one single platform so that, regardless of format, every document is visible, from creation and classification through to compliant destruction. This gives the organisation improved chain of custody and greatly reduces the need for coordination between services, delivering significant savings in time and cost.

In order to remain compliant with the latest legislation, it is important that the health service has measures in place to protect its - and our - data. This may not be the most glamorous of fields, but sound records management: data entry, cataloguing, tracking, retrieval and indexing systems are the lifeblood of a trusted, effective health service.

Even by taking this approach, the weakest link lies with human involvement. There have been plenty of examples this year within the public sector where USB sticks containing confidential information have gone missing or emails have been sent with little regard for the sensitivity of the content. While no data management system is fool proof, public authorities must take action to reduce these risks as far as possible - and to ensure they can manage the fall out of a crisis should it occur. This type of breach would be especially dangerous if it occurred within the health service, and it must be seen to be protecting its data against such risks.

It is vital for the health service to meet the standards being enforced by the Information Commissioner. The ICO has sent a clear message: get it wrong and you will be held accountable. As a trusted government body, the NHS has a responsibility for millions of patients’ data, and due to the fact that so many people rely on the NHS as a service, it must demonstrate that it is doing everything that it can to protect this sensitive data. The price of failure may well include reputational damage to the entire sector, and this could prove far more costly than any ICO monetary penalty.

The NHS really has an opportunity here in the light of the planned reform to radically address the way it manages its information, making it more agile, more secure whilst reducing costs. It’s important to look to industry professionals, who can help realise potential savings and innovation for Information Management allowing more time to focus on patient care.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo