1 / 40

IG Overview Workshop 1 st October 2009 CAF Demonstrator Information Governance Model

Learn about the CAF IG Model, which outlines the principles for sharing information between health and social care providers in a secure and confidential manner. Find out the specific information sets, consent requirements, and training and guidance for staff.

mcalpine
Download Presentation

IG Overview Workshop 1 st October 2009 CAF Demonstrator Information Governance Model

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IG Overview Workshop 1st October 2009CAF Demonstrator Information Governance Model Jan Hoogewerf Projects Manager, Health & Social Care Integration Programme Jan.hoogewerf@nhs.net

  2. CAF Consultation From responses to the consultation it was clear that: Vast majority want assessment and care and support plan information to be shared between health and social care providing conditions are met: Only those directly involved in care Information relevant to care being provided (e.g. NHS don’t need to know about individual’s finances) Training for staff in confidentiality, consent, etc. Comparable IG standards across agencies

  3. CAF Consultation Differing views on wider community services: Need similar conditions to health/social care information sharing Concerns about staff skills and adequacy of security Only sharing essential information, e.g. support plan More concerns about sharing with financial/ employment services, and need for further investigation?

  4. Status Of CAF IG Model • IG model for CAF developed with CAF demonstrators and influenced by CAF consultation • Provides a model for the way in which information will be shared using NHS CFH services • Comprises general information sharing principles and how they will be implemented using existing NHS CFH technology • Model taken to National IG Board (NIGB) on 10th September • NIGB approved approach, with requirement for progress reports and evaluation. Particular interest in training, guidance and lessons learned in implementing the approach

  5. CAF IG requirements NHS Care Record Guarantee Social Care Record Guarantee Standard IG framework (policies, procedures, tools) - IG Statement of Compliance Standard set of IG controls (NHS CFH) Individual explicit consent

  6. Consent • Sharing between health & social care subject to: • Informed consent, i.e. what information shared with whom for what purposes and knowledge of the implications of different choices • What: health & social care assessments and integrated care and support plans • With whom: NHS and social care organisations involved with an individual in assessing and arranging care and support • What purposes: integrated assessment and care and support planning process • Consent obtained and recorded as part of assessment & care planning process, where need to share information

  7. What Information? Specific information set: Demographics Contact/initial assessments Holistic/overview assessments Outcomes of specialist assessments Integrated care and support plans Delayed discharge notifications Continuing care assessments Need to review in light of personalisation and new assessment types, e.g. SAQs Individual can place limitations on explicit consent: Time limits, e.g. review at each assessment Sensitive information – what and with whom it is shared And regular review of consent is good practice

  8. With Whom? Only individuals with: Direct care relationship with individual (e.g. part of team involved in assessment and care planning or emergency service) Role requiring recording and access to clinical and care information Registered users, authenticated, using smartcards to access Responsibilities in contract and/or code of practice regarding data handling practice Adequate IG controls in place on systems

  9. Training & Guidance Training and guidance for staff in explaining and seeking consent and in regular review of consent, e.g. The need to seek consent and consequences of not doing so When and how to seek consent, what information will be shared, for what purposes, with whom What to do if a person lacks capacity and who is able to take a decision on behalf of another person The procedures for recording and storing consent to share information The procedures for recording limitations of consent to share and procedures to be followed when consent is limited The circumstances under which information may be disclosed without consent, who can authorise this and what records must be kept Communications for public, explaining the above Need to be developed early to test out practicalities Do once and share?

  10. Information Sharing Statement Clear statement of information sharing needs to be developed, e.g.: Are you happy for me to see your health and social care assessments and care plans on the NHS Summary Care Record? This means not the whole record, just those documents that you have agreed social care can see. You can time limit this if you would like to do so. Options are: just this once, until your next assessment/review, until you no longer need social care or you can leave it open-ended? Are you happy for me to add the record of this health and social care assessment or care plan to the NHS Summary Care Record? Needs developing early to test whether people understand Do once and share?

  11. Information Sharing Protocols Existing protocols may need updating 3 tier model, and examples of good practice available Contents include, e.g.: Principles for sharing and handling information confidentially and effectively Governance arrangements for managing protocol Purposes for which information will be shared Processes by which information will be shared: what information, how it will be shared and how the sharing will be managed Agencies signed up to protocol Do once and share?

  12. Areas For Further Investigation 3rd party information (i.e. information provided by 3rd party and individual providing information about 3rd party). How to obtain and record consent, what to do if consent cannot be obtained or if 3rd party dissents Individual access to own records: registration, authentication, access controls, delegating access to others. Healthspace model may provide basis? Mental capacity: recording MC assessments, seeking consent from others (IMCA, power of attorney, etc.) and sharing information in best interests. Record retention policies: differences in length of time social care and health records are held. NIGB working group may be set up to review.

  13. Questions From Networking Survey How do we preserve ownership of and accountability for information as it is shared between systems through messaging? Answer: The assessment or care plan message will identify the author of the assessment or care plan. When the message is received into another organisation, that organisation becomes accountable for the handling of the message and the data in their system.

  14. Questions From Networking Survey Why is there an additional layer of consent for Social Care applications accessing the PDS? Answer: Original requirement from NIGB that consent should be sought before accessing any NHS Care Record Service, incl. PDS. Practical issues around recording consent prior to accessing PDS were taken to NIGB. NIGB agreed that consent does not need to be sought prior to social care accessing PDS, providing only demographic data is obtained.

  15. Questions From Networking Survey How do demonstrators propose to deal with patients who do not wish their information to be shared electronically? Answer: Need to print out and share on paper. Record in messages who information is being copied to and whether electronic or paper.

  16. Information Governance Specification for Social Care Systems Danny Solomondanny.solomon@nhs.net Technical Architect

  17. Objectives • Recap relationship between system requirements and organisational requirements • Provide clarity on IG requirements • Across the board, but focussing on C------ • Given NIGB position • Re-jigging of requirement baselines • Response to specific questions raised “It depends”

  18. Ensuring the provenance, confidentiality, integrity and availability of sensitive personal information • Driven by • The Law (Data Protection Act and others) • The Care Record Guarantee – hence patients’ expectations • The need to deliver a service that issecure, useful, and usable • Management of Risk

  19. Clinical acceptance Public confidence A balancing act… Security Confidentiality Patient empowerment Individual autonomy Informed care Clinical safety Public interest Cost NHS efficiency Simplicity Pragmatism Law

  20. Threats and vulnerabilities Building Hardware OS Internet N3 Web Tier Application Tier Mr A.N. Other 15 Acacia Avenue Sometown DOB: … NHS No: 123 456 7890 Allergies: … Medications: … History: … HIV status: … InfrastructureSupport ApplicationSupport

  21. Organisational vs. System • Organisations need to operate appropriately • IG Statement of Compliance (IGSoC) • NHS orgs, LAs, Software suppliers • NHS CFH procured/assured systems • Subject to specific IG requirements • Verified as part of CAP through NIC assurance process

  22. Overview of ESP IG Requirements Protect, Detect, Respond • Controls limiting access • Application level – who gets access, who can do what? • Controls protecting against attack • Infrastructure and process • Monitoring • What’s happening, what’s happened?

  23. Alerts Sealed Envelopes Audit Legitimate Rel. Security/Pen Testing Consent Secure Storage RBAC Secure Comms Authentication Workstation Access Registration Network Access Content Commitment IGSoC System Requirements

  24. This is me • Users are issued with Smartcards • eGif Level 3 Registration • with “role profiles” that define the posts that they occupy • this is a process – no system requirements Registration

  25. I am using this system • Systems integrate with Spine Security Broker (SSB) • Identity Agent software deployed at client workstations Authentication Registration

  26. User URP 1 Registration URP 2 Authentication SPINE SAML Spine User Directory (SUD) • Smartcard is inserted Spine SecurityBroker (SSB) URP 1 session • Session is created on SSB, IA has token ID URP 2 • Application starts – requests token ID from IA • Token validity verified with SSB • User information retrieved as a SAML assertion LOCAL SYSTEM Client app Applicationserver • Register a Token Listener RBAC IdentityAgent (IA) • Use SAML assertion to define application rights … AuthenticationArchitecture

  27. What can I do? • Controls which system functions a user can access • not “which records a user can see” • Driven by user information set up at registration • Suppliers need to map a national standard model of role and activities to local access rights RBAC Authentication Registration

  28. Id Job Role Job Role Baseline Policy from NRD Activity Area of Work Area of Work + Activity Additional Activities Additional Activities Activity Organisation Workgroups(s) URP NRDActivities Local system rights/permissions RBAC Architecture

  29. Whose records can I see? • Given access to a particular system function, which specific records can be accessed • Only permit access to records if there’s a business reason for doing so Legitimate Rel. Consent RBAC Authentication Registration

  30. Extra protection Sealed Envelopes • Allow patient control over who sees particular parts of their record Legitimate Rel. Consent RBAC Authentication Registration

  31. Consent • It can be confusing, so how to ensure that informed consent is gained? • Needs to be explainable, and explained • Backed up by other comms mechanisms • Goes hand in hand with reasonable expectations Smaller Q Smaller Q One Big Question Smaller Q Smaller Question

  32. Consent-to-share • Patient can express whether information can be shared across organisational boundaries within the NHS • outside of normal clinical communications Consent 1 2 3 RBAC Authentication Registration

  33. SCR preference • Patient can choose not to have a Summary Care Record • upload under implied consent after a public consultation • default is “ask-before-view” Consent 1 2 3 RBAC Authentication Registration

  34. Social Care consent • Express consent is required from Social Care settings prior to access to any NHS information services • Other than demographic info • Consent needed prior to sending individual documents outside an organisation Consent 1 2 3 RBAC Authentication Registration

  35. “Consent-to-share” across (legal) organisational boundaries within the NHS • SCR consent choice • Local consent to access NHS information sources for non-demographic data • Per-message consent Spine Local GP System 1 PDS ! Local System 1 2 2 ACF 4 3 2 Local System PSIS / SCR 4 3 4 3

  36. Where is it documented? • Previously, as part of the IG Baseline • Specifically, section 3.16 of the ESP IG Requirements • Now, part of HSCI Requirements Catalogue

  37. IT Security Health Check(ITSHC) Application is secure Specific Deployment Shared Infrastructure Application Security/Pen Testing Secure Storage Secure Comms Workstation Access Shared components are securely deployed Network Access Deployment is secure: under contractual obligations and/or IGSoC Content Commitment

  38. ITSHC (“penetration testing”) • Testing performed by an approved third-party, at supplier cost • NHS CFH involved at two stages: • Testing scope • Agreement of any work-off plan • It’s not a “pass” or “fail” • Understand the environment, managing any risk

  39. Check your inputs! www.xkcd.com/327

  40. Contact danny.solomon@nhs.net esp.ig@nhs.net

More Related