ICO reports on community healthcare providers’ data handling

Summary

  • 5 Tips Issued.
  • More than 250,000 people are employed to deliver community healthcare services in England.

Original Author: ICO
Original Link: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2015/01/ico-reports-on-community-healthcare-providers-data-handling/

Content

The Information Commissioner’s Office (ICO) has today published a report looking at how community healthcare providers approach data protection.

Community providers are an increasingly important part of the NHS, providing cradle to grave services worth over £11 billion a year. But they often involve staff working at remote locations or off-site entirely. This brings particular data protection challenges.

The report provides an analysis of data breaches in the sector that shows a trend of information being ‘disclosed in error’ – a problem that can be addressed by following the tips in the report.

The ICO good practice team’s programme of audit and information risk reviews from October 2013 to date included four audits and three information risk reviews of community health providers. That experience informed the top five tips included in the report:

  1. Know what you hold and where: be aware of what personal data you hold, and map where it goes.
  2. Ensure staff awareness of basic security: this is key to reducing the number of serious data breaches.
  3. Don’t forget training: the off-site nature of work of a large number of community healthcare roles means there can be a low uptake of training.
  4. Develop guidelines for taking patient information off site: this is clearly an area of information risk, and it is key that staff are thinking about how information is looked after when it leaves the office.
  5. Ensure central oversight of the records management process: the wide geographic area covered by many providers means records management can be fragmented and inconsistent.

Extract from Report:

We [ICO] analysed reports made by community healthcare providers between June 2013 and June 2014. We excluded mental health trusts, as these are not always solely community healthcare providers, and can face different information governance challenges.

The most striking – and reassuring – finding was that only 8 per cent (34) of all of the reports the ICO saw related to community health providers. We also found:

  • 24 of these related to paper based information
  • Only 5 of these related to deliberate or reckless disclosure or
    unauthorised access. Most related to information lost, disclosed or mislaid in error.
  • 10 related to digital information, of which 9 were categorised as
    disclosed in error
  • In cases where electronic information was involved, more
    information was generally disclosed per breach reported.