The Go-Between Issue 119 August 2014 Information for Information Users

http://www.bcs.org/server.php?show=ConWebDoc.13667
The Go-Between
Information for Information Users
The Go-Between would like to hear from potential
contributors. Articles should be on health informatics
related matters and around 250-400 words in length. Copy
deadline for Issue 120 is 20 September 2014.
For contributions etc. please write to the Editor
(address on back page).
____________________________________________________
In This Issue
Diary
Federation for Health Informatics
GS1 Standards
News in Brief
NHSmail 2
Protecting Information On-line
Protecting Personal Health &
Care Data
______________________________________________
Protecting Personal
Health & Care Data
The Department of Health recently ran a consultation on
proposals to introduce tighter controls and safeguards on
the use of personal health and care data.
Appropriate data sharing offers many opportunities to
improve the quality and safety of services, but people have
to trust that their information is properly safeguarded. The
failure to share information is often cited as a factor in
failures of care.
Issue 119 August 2014
consent will be used more widely as the means to share
information.
Sharing information is fundamental to the delivery of
modern care services but without a clear statutory basis
many organisations would be concerned about the risk of
breaching confidentiality law and might be reluctant to
share data. The 2002 Regulations have provided a
statutory basis for sharing information relating to the
health of individuals for certain medical purposes, and
each purpose has been considered by the Health
Research Authority appointed Confidentiality Advisory
Group (CAG). CAG provides independent expert advice
and each purpose has been agreed by CAG to be
necessary, in the public interest and for a care related
purpose. On this statutory basis, local commissioners of
care are able to access information about individuals in
order to identify care needs, analyse care provision and where the information is confidential patient information to ensure that the access is lawful, despite the duty of
confidentiality which applies to the information.
However, whilst this has enabled key activity to be carried
out, the existing Regulations do not provide either the
coverage that is required or the strong controls that should
be in place to protect information. The Information
Governance Review recommended that data sets
containing confidential personal data, or data that could
potentially identify individuals and that need to be linked –
for purposes other than patient care – should only be
brought together in secure environments known as
‘accredited safe havens’ (ASHs).
The vision is that ASHs will provide a secure environment
within which data that could potentially identify individuals
can be lawfully processed for a limited range of approved
purposes, under controls that minimise reliance upon
identifiable data and constrain how the data is processed
in the ASH.
Continued on page 2.
______________________________________________
The Department of Health’s proposed Regulations are
intended to cover purposes other than direct care:

the minimum necessary level of identifiable information
is used to support any particular purpose;

there is a clear lawful basis for all uses; and

there are robust controls in place to prevent security
breaches or misuse of information.
As technology develops and information quality improves,
the need for staff to access identifiable information will
reduce and opportunities for individuals to exercise control
over how information about them is used will increase.
Access to data will be more automated so that routine
functions, including many commissioning functions, will not
require access to identifiable data itself.
The Health and Social Care Information Centre (HSCIC)
will be the environment for holding identifiable data at the
national level with a number of other smaller safe havens
able to access identifiable data for these purposes; and
GS1 Standards come to the NHS – see page 4
Continued from page 1.
The data that will be used by ASH will be person-level data
but the risk of individuals being identified must be
minimised; any identifiers not necessary in processing will
have been removed (for example names and addresses).
In the wrong hands, the individuals could be re-identified.
The proposed controls seek to minimise this risk.
The proposed Regulations would set out the broad
purposes for which data could be disclosed to an ASH, and
for which that data could be used within an ASH. ASHs
would be able to link information from more than one
source and use it for purposes related to the
commissioning and provision of health, public health and
social care, but would be limited to the following purposes:
•
making the patient in question less readily identifiable
from that information;
•
conducting geographical analysis;
•
analysing differences between population groups;
•
validating and improving the quality or completeness
of information, or data derived from such information;
•
auditing, monitoring and analysing the provision made
for patient care and treatment, including outcomes,
costs and patient satisfaction;
•
understanding and analysing risks to individuals and
informing those responsible for their care of the results
of that analysis (risk stratification and predictive risk
modelling);
•
providing those responsible for providing care to an
individual with information that might inform or support
that care; and
•
ensuring that the correct payment is made for care
provided (invoice validation).
More Information:
https://www.gov.uk/government/consultations/protecti
ng-personal-health-and-care-data
______________________________________________
Protecting Info On-line
The Information Commissioner’s Office (ICO) recently
issued guidance: Protecting personal data in online
services: learning from the mistakes of other.
The ICO has identified eight important areas of computer
security that have frequently arisen during investigations of
data breaches, which are the focus of this report. The
eight areas are:
•
Software updates
•
SQL injection
•
Unnecessary services
•
Decommissioning of software or services
•
Password storage
•
Configuration of SSL and TLS
•
Inappropriate locations for processing data.
•
Default credentials
For each, this guidance provides tips on good practice,
which is summarised below.
Software Updates
A software updates policy should in place for all software
used for processing personal data. When there is no
compelling reason to delay, security updates should be
applied as soon as is practical.
SQL Injection
SQL injection can affect applications that pass user input
into a database. This includes many modern websites and
web applications. SQL injection presents a high risk of
compromising significant amounts of personal data. SQL
injection results from coding flaws; organisations should
know who is responsible for developing and maintaining
code, and to prevent SQL injection or fix SQL injection
flaws if they are found. Independent security testing
(penetration testing, vulnerability assessment, or code
review, as appropriate) of the relevant sites or applications
can provide external assurance.
When remediating an SQL injection flaw, use
parameterised queries where possible, and ensure that all
similar input locations are also checked and remediated
where applicable.
Unnecessary services
Completely decommission any service that is not
necessary. Avoid high risk services such as telnet.
Ensure that services intended for local use only are not
made publicly-available. Use periodic port-scanning to
check for unnecessary services which have been
inadvertently enabled.
Decommissioning of software or services
Be aware of all the components of a service to ensure that
they are all decommissioned. Make a record of any
temporary services that will eventually need to be
disabled. Thoroughly check that the decommissioning
procedure has actually succeeded. Arrange for proper
disposal of any hardware, as appropriate.
Password storage
Don’t store passwords in plain text, nor in decryptable
form. Use a hash function, and only store the hashed
values.
The hash function should have appropriate
strength to make offline brute-force attacks extremely
impractical. Use salting to make offline brute-force attacks
less effective.
Use a combination of password strength requirements and
user-education to ensure that attackers can't simply guess
common passwords. Have a plan of action in case of a
password breach. This should include how to reset users'
passwords in bulk and how to notify them of what has
happened and what they need to do about it.
Configuration of SSL and TLS
Ensure that personal data (and sensitive information
generally) is transferred using SSL or TLS where
appropriate. Consider using SSL or TLS for all data
transfer in order to reduce complexity. Ensure that SSL or
TLS is set up to provide encryption of adequate strength
uses valid certificates. Consider obtaining an Extended
Validation (EV) certificate if assurance of identity is of
particular importance.
Inappropriate locations for processing data.
Ensure testing or staging environments are segregated
from the production environment. Consider segmenting
your network according to function and in accordance with
your data protection policies.
Ensure your network
architecture accounts for functions such as backups and
business continuity in general.
Have policies for how, when and where personal data will
be processed. In particular, ensure any web servers are
exposing only the intended content. Where necessary,
apply specific access restrictions.
Default credentials
Change any default credentials as soon as possible,
following good practice on password choice. Ensure that
credentials are not hard-coded into any software, or
transmitted in plain text.
More information:
http://ico.org.uk/for_organisations/data_protection/top
ic_guides/protecting-personal-data-in-online-services
______________________________________________
Federation for Health
Informatics (Fed-HI)
Individuals are personally accountable for their own
professional practice and must always be prepared to
justify decisions and actions.
A professional looks to a professional body for registration,
a means of developing skills, a means of recording skills, a
means of proving skills, validation, and regulation of that
profession.
In addition the role of a Professional Body is to:
•
provide leadership
•
act Independently
•
be represent the profession
•
enhance reputation
•
provide a knowledge base
•
provide professional standards
•
support personal development
•
provide a code of ethics
•
provide a publicly open register
•
regulate bad practice.
The existing landscape of national organisations
representing Informatics Professionals is characterised by
duplication of functions, overlapping roles and
responsibilities organisational rivalries and fragmented
leadership. It is estimated that there are approximately
20,000 – 60,000 health informatics professionals but only
4,000 are actively registered. It could be because the
purpose and benefits of professional membership are
unclear and the lack of clear policy position in respect of
professional registration.
There are gaps - the most important being the absence of
a voluntary regulatory framework that will ensure not only
that the highest professional standards and codes exist but
that they are also adhered to in practice
Federation for Health Informatics
National health informatics professional organisations are
working together to ensure consistency in professionalism
across all health informatics areas of health.
The
professional bodies involved are: BCS (Health & ASSIST),
IHRIM, UKCHIP, UK Tele-Health & Care, SOCITM, CILIP
and the Academy of Medical Royal Colleges. It is also
supported by NHS England, HSCIC and the Northern
Ireland, Scottish, and Welsh governments.
What is proposed?
The HI-Fed aims to provide clear value propositions for all,
a ‘front door’ that supports the individual to join and
participate, with simplified membership & fee structure. It is
proposed to develop a national public register to provide
assurance for employers and patients. It would continue to
and enhance professional development linked to personal
career plans.
Informatics professionals have been let down by the lack of
collective national professional leadership.
Health
Informatics has moved from the back room to mission
critical – almost without anyone noticing!
Patient data is crucial to safe and effective care, and
should, therefore be looked after by professionals who
have signed up to a Code of Ethics and Good Practice.
Qualified staff maintaining patient data reduces risk of poor
patient care.
The HI-Fed would be free to set standards that best serve
patients and the public in collaboration with interested
parties. It would provide the single coherent platform and
voice to represent the collective views of all health
informatics professionals to the public, government, and
employers. It would provide objective assurance that
contributes to maintaining public trust in the delivery of
public services.
The HI-Fed immediate objectives would be to grow the
membership, increase Influence and build reputation.
HI professionals are being encouraged to join the
Federation
to
demonstrate
commitment
to
HI
professionalism by placing their name on the National
Public HI Register, and to become an active Member of a
Professional Body
More information:
http://www.bcs.org/upload/pdf/assist-federationconsultation.pdf
______________________________________________
NHSmail 2
The Health & Social Care Information Centre has written
to Trusts to confirm whether the organisation “intends to
use NHSmail to meet the secure email standard for Health
and Social Care which will come into force in June 2016”.
It’s important that you confirm this information so that we
can include your requirements in our plans for the
transition to the replacement NHSmail service.
This email is to:
By June 2016, 100% of email communications made by
health and social care organisations will have to meet the
secure email standard.
HSCIC has suggested that
organisations have the following options to meet this
requirement:

Use NHSmail – it already meets the standard and is
centrally funded for all organisations that deliver a
service to the NHS.

Upgrade your local email service to meet the secure
email standard. This must be done using local budget
and resourcing.

Purchase a hosted email service that meets the
required email standard.
Planned improvements to NHSmail include significantly
larger mailbox sizes and the ability to use a sub-domain to
create an organisational identity will be addressed with the
new NHSmail service.
HSCIC has stated that when the new NHSmail service is
delivered (in 2015) organisations will be required to use
either NHSmail or their own local system (run to secure
email standards), but not both.
Organisations that choose to use their own local email
service to meet the secure email standard will not receive
free NHSmail accounts for their staff. In parallel with the
development of local e-mail systems to meet the secure
email standard, there will be a need to manage the
migration of e-mail accounts off the current NHSmail
service before it is closed in June 2016.
Each organisation is urged by HSCIC to put in place a
clear plan to meet the secure email standard by June
2016 when the current NHSmail platform will be turned off.
Organisations will need time to consider options for
meeting the secure email standard, and need confirmation
of what the new NHSmail service will be. Additional
guidance on the secure email standard is expected soon.
HSCIC have allocated NHSmail Implementation Support
Manager (ISM) to each organisation to provide support
and guidance.
The ISM can provide guidance around new NHSmail
features such as:

Automating emails such as referrals, discharge notes
or out of hours reports

Integrating applications such as SharePoint, Office
Communicator or locally developed applications with
NHSmail.
Contact: [email protected]
More information:
http://systems.hscic.gov.uk/nhsmail/future
http://systems.hscic.gov.uk/nhsmail/emailstandards
______________________________________________
GS1 Standards
organisation to synchronise asset tracking and stock
management throughout the supply chain process.
Trusts will be required to appoint a GS1 Lead and
Executive Sponsor, to oversee the adoption plans and
implementation. The scale of the task will depend on the
level of awareness and understanding of GS1 within trusts
and general enablement in the areas such as P2P, patient
information and records management.
More information:
http://www.gs1uk.org/what-we-do/GS1standards/Pages/default.aspx
______________________________________________
News in Brief
GS1 standards are global standards to make it easy to do
business globally using a unique set of identification
numbers for products, companies, locations, services,
assets, logistics units or customers at any point in the
supply chain.
NHS Spine
No matter where in the world a business is based or what
language you use, trading partners can always understand
one another using GS1 standards. The GS1 standards
work for all industries, from food services and retail to
healthcare and music, and can increase business
efficiency by reducing costs, saving time, and preventing
errors.
Legal Issues in IT
Every acute NHS trust is required to develop and
commence implementation of a trust board-approved GS1
adoption plan. For a large number of trusts implementation
of GS1 standards may require significant process redesign,
technological investment and cross-functional stakeholder
groups and could take a number of years before benefits
are realised.
The important concepts of GS1 can be summarised as:
Global Trade Identification Numbers (GTIN)
To be allocated to every product (and eventually service
line) purchased by the NHS. This will be completed by the
manufacturer to ensure that a consistent, unique identifier
exists and is supported by detailed information. Supplier
engagement will be the responsibility of the DoH and trusts
equally.
Unique Device Identification (UDI)
This key element will enable implantable medical device
data to be captured at the point of use, including production
information, and this to be recorded within the patient’s
records for traceability purposes.
It will require a
sophisticated inventory management solution, point-of-use
scanning in clinical areas as well as interoperability with
EPR/ PAS systems.
Automatic Identification Data Capture (AIDC)
This broad category of technologies includes but is not
limited to inventory and delivery management and asset
and document tracking. Through the use of barcode
technology, stock, assets and documents will be centrally
and consistently managed through the trust and into the
supply chain, with little need for manual data entry.
ISB1077 (AIDC for patient identification)
The requirement for NHS approved patient identifiers to be
encoded into a GS1 Data Matrix Symbol on wrist bands
has been in place since 2012.
Global Location Numbers (GLN)
All NHS trusts are registered members of GS1 through the
Department of Health and GLNs can be created by trusts
and assigned to all (delivery) locations within an
The upgrade of the NHS Spine – Spine 2 Core Transition
– took place on 22-25 August. The service will be hosted
on new infrastructure and is being re-developed to use
modern technologies.
Legal issues in IT are growing increasingly complex as we
approach a tipping point of unprecedented, ubiquitous
digital availability and accessibility. BCS, the Chartered
Institute for IT, has issued a final whitepaper in its next
wave of computing series examining the pervasive
connectivity that is making it harder to operate within the
law. http://www.bcs.org/category/18002/?src=hplead.
___________________________________________________
Diary
10 Sep 14
2014 Annual Conference, Southern
Institute for HI, Portsmouth
(http://sihi.port.ac.uk/sites/2014)
17 Sep 14
BCS North London: “The Internet of
Things”, London WC2E 7HA
(https://events.bcs.org/book/1183/)
7 Oct 14
BCS: “How to Get the Best of Both
Worlds by Combining PRINCE2 with
Agile!”, London WC2E 7HA
(https://events.bcs.org/book/1133/)
10 Oct 14
BCS “Real Artificial Intelligence”,
London WC2E 7HA
(https://events.bcs.org/book/1102/)
__________________________________________________________
Address for correspondence:
The Go-Between,
c/o David Green, Director of IM&T,
SW London & St George’s MH NHS Trust,
Springfield University Hospital, Tooting,
LONDON SW17 7DJ.
[email protected]
London & South East