Patient safety is perhaps the single most important principle which binds together everyone working in healthcare, whether that be under the NHS or as a private entity. Patient safety extends beyond the lay definition of preventing errors and adverse effects to patients associated with their healthcare. Whilst developments in making healthcare more effective continue, the need for greater safety with technological advancements cannot be ignored. Assuring patient safety means organisations and employees must make sure that information is accessible, that it is protected from loss or damage, and that its confidentiality is maintained. The Data Security Awareness programme, which has been developed by NHS Digital, forms the basis of ensuring all NHS staff are aware of the guidance relating to data security.
Data breaches: a thing of the past?
With data breaches on the increase, organisations must make it a priority to follow the General Data Protection Regulation (GDPR). Data breaches and attacks, in general, tend to target financial, not patient, data. NHS organisations must, however, take steps to understand their exposure to risk and take relevant measures to avoid any complacency. Instances of paper-based patient records going missing were often heard of, but technological advancements haven’t stopped the errors that lead to data breaches, nor have they stopped cybercriminals from attempting to steal information.
Parliament Street, a research-based think tank, ran a study, looking at data breaches in the NHS. It found some hospital trusts had lost over 3,000 patient records in one year alone.
The 2007 WannaCry attack led to more than 19,000 appointment cancellations and cost the NHS around £90 million.
These are just two examples of data breaches and threats to patient safety which have occurred within the NHS lately. The principle of accountability and safety is key to the GDPR, especially for organisations that handle personal data. Demonstrating compliance with the requirements of the regulation is another important aspect of the GDPR.
The National Data Guardian Review
The National Data Guardian (NDG) Review of data security looks at whether there are adequate measures in place to prevent personal information falling into the wrong hands. It also looks at the governance surrounding patients opting in and out of information regarding them being shared.
The NDG data standards requirements relating to staff state that all personal data being held must be handled, stored, and processed safely and securely. The personal data must also be used for lawful and legitimate purposes. All staff must also ensure that they understand their responsibilities under the NDG standards, whilst also completing appropriate annual data security training and passing a mandatory test. Good data security awareness results in fewer data breaches, with most data breaches being caused by either people, processes, or technology.
How to access the Data Security Awareness training
To meet the standards relating to data security, 95% of all staff including new starters, locums and students have to access annual Data Security Awareness training.
The training covers a general introduction to Data Security Awareness, introduction to the law governing data security, protecting and handling information safely, and examples of breaches and threats to data security with lessons learnt from them.
At the end of the training pack, there is an assessment which has an 80% pass mark across all four modules.
To register and access the relevant training material, click the following link:
Recommendations for good Data Security Awareness
- Strong leadership and senior management are essential in implementing an environment where good people, processes, and technology co-exist. Leadership has a right to ensure that they are leading from the top; the responsibility ultimately lies with them, so good data security has to be streamlined across the board. Caldicott Guardians, who are responsible for protecting the confidentiality of people’s health and care information, are making positive impacts on NHS organisations.
- All staff should be given the right information, training, and support allowing them to do their jobs effectively whilst at the same time understanding their responsibilities regarding data security.
- IT systems should be designed around the needs of the patient and those who are engaging with the patient, ensuring no compromises in data security.
- Exemplar organisations should be commended and looked at to see where they have exercised good data security awareness.
- Technology must be kept up-to-date and be made secure, protecting it from cyber-attacks.
This article was written on behalf of Mediapharm by Hassan Riaz from Pharmacy Mentor.