All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form.These are the 10 data standards recommended by the National Data Guardian for Health and Care that all health and care organisations are now required to follow. They must also report data security incidents and near misses to CareCERT, the document says. Practices will be required to maintain a business continuity plan that includes details of how it plans to respond to data and cyber security incidents. Practices will be required to comply with the agreed action plans ‘to meet their responsibilities described in the CCG-Practice Agreement’.ĬCGs are also expected to identify any ‘unsupported systems’ in practices, which includes software, hardware and applications, and have a plan in place to ‘replace or actively mitigate and actively manage the risks associated’ with these. The DH guidance also says that CCGs will have ensure that IT suppliers undertake ‘on-site cyber and data security’ assessments in all supported practices. As part of this, practices will need to appoint a data protection officer.
Practices will also have to complete a checklist, due to be published by NHS Digital, to ensure that they are correctly implementing the new EU-wide General Data Protection Regulation, which comes into effect in May 2018 and replaces the Data Protection Act. GP information governance services will be commissioned and made available to support practices in this, the new advice says. The CQC will assess whether practices are following the standards when it considers data security during its inspections.įrom 2018/19 the Information Governance Toolkit, which lists governance standards that practices currently are required to meet, will be replaced by a ‘new approach to measure progress against the 10 data security standards’. However, it adds that some of the requirements will be implemented by their commissioning organisation. The guidance says that practices must comply as ‘part of the data security and protection requirements’ set out in their contracts.
Guidance published this week set out steps practices should take to meet the standards. Practices have until the end of the 2017/18 financial year to meet 10 data security standards recommended by national data guardian Dame Fiona Caldicott in July last year.
0 kommentar(er)
