
DJA – Consultancy, Bespoke & Open Courses


Anita

Presentation Transcript


  1. DJA – Consultancy, Bespoke & Open Courses: SIRO, Records Management, Privacy Impact Assessments, QoF, Data Flow Mapping. Our courses can be tailored to your exact needs using a multitude of mediums such as: bespoke, one-to-one coaching, consultancy, lecture-based training, open courses, Desktop Drivers and e-Learning. We offer an all-round solution that is second to none; none of our competitors offer a combination of these mediums. We can fulfill any training requirements, providing a 'one-stop' service for different training solutions, therefore saving time, resources, and money. Please ask a member of the team for details and special offer.

  2. SIRO Update: further advice and guidance Dr Dilys Jones BM FRCPsych DRCOG Cert Coaching JCHPT GP Cert MBA MIoD

  3. SIRO • We are providing introductory and refresher training for Senior Information Risk Owners which we are pleased to say is: “sufficient to meet the criteria for training set out in the NHS Information Governance Toolkit” Connecting for Health • In 2009/10, this will be in conjunction with the CfH on-line SIRO assessment

  4. The three new roles in healthcare • Information Asset Owner • Information Asset Assistant • Operating Staff

  5. Information Risk Management (IRM) Structural Model (Source: Connecting for Health)

  6. Threat and Risk

  7. Information Asset Register (CfH version)

  8. Information Asset Register: Further example in use in NHS Trust

  9. WHAT IS FORENSIC READINESS (Rowlingson)? • “Forensic readiness is a key component in the management of NHS information risk. This document explains what forensic readiness is and how it can assist information risk management within NHS organisations. It then provides guidance on what NHS organisations should use forensic readiness for and how to go about it.”

  10. Ten Steps (Rowlingson) The following ten steps describe the key activities in implementing a forensic readiness programme.
      1. Define the business scenarios that require digital evidence.
      2. Identify available sources and different types of potential evidence.
      3. Determine the evidence collection requirement.
      4. Establish a capability for securely gathering legally admissible evidence to meet the requirement.
      5. Establish a policy for secure storage and handling of potential evidence.
      6. Ensure monitoring is targeted to detect and deter major incidents.
      7. Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched.
      8. Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
      9. Document an evidence-based case describing the incident and its impact.
      10. Ensure legal review to facilitate action in response to the incident.

  11. Business Scenarios (Rowlingson)
      1. Threats and extortion
      2. Accidents and negligence
      3. Stalking and harassment
      4. Commercial disputes
      5. Disagreements, deceptions, and malpractice
      6. Property rights infringement
      7. Economic crime, e.g. fraud, money laundering
      8. Content abuse
      9. Privacy invasion and identity theft
      10. Employee disciplinary issues

  12. Forensic Readiness
      • One organisation was investigating an employee suspected of stealing software, customer databases, and marketing and business plans.
      • Employee on “gardening” leave for six weeks.
      • No evidence to support the company suspicions.
      • But errors had eliminated the chance of finding any incriminating evidence.
      • Suspect had been allowed to keep his laptop, PDA and mobile phone.
      • He reformatted his desktop PC.
      • His files on the fileserver had been removed.
      • E-mails on the mail-server had been deleted en masse.
      • Back-up tapes potentially containing the files had been re-cycled.
      • Email could not be retrieved.
      • Remote access accounts were kept active. His desk had been cleared.
      • Forensic readiness would allow an organisation to avoid these (Wilding 2003).
      Question: How would you secure information that may be needed for an investigation or enquiry?

  13. Privacy Impact Assessment (PIA) • Screen all new projects to decide whether they need: • a full scale • small scale PIA • privacy law compliance check • data protection

  14. FULL SCALE PRIVACY IMPACT BRIEFING NOTE AND ASSESSMENT TEMPLATE • The template is divided into sections on: • Preliminary work, • Preparation and consultation with stakeholders, • An Annex on the consultation report • Review and Audit • Woven in is SIRO accreditation approach for new projects/services • Contact Louise Wilder

  15. Mental Capacity Act 2005 • Affects whole adult population • Responsibilities affect ALL health and social care settings • Includes financial, personal welfare and healthcare decisions • People can make decisions about their future care in advance of mental incapacity

  16. Mental Capacity Act 2005 • Arose because of the Bournewood situation • Patient was ‘deprived of liberty’ because he was under continuous supervision and control and he was not free to leave • He was also not on a section of the MHA 1983 so he was deprived of any protection under this

  17. Mental Capacity • IMCA • Protection for carers and professionals • Clarity and safeguards • Codes of Practice (s42 and s43) http://www.dca.gov.uk/legal-policy/mental-capacity/mca-cp.pdf

  18. Mental Capacity Act 2005 • Lacking capacity • If at the material time unable to make a decision for himself in relation to the matter because of an impairment of, or a disturbance in the functioning of, the mind or brain • Variable: e.g. alcohol/dementia • Test

  19. Test of capacity • Understand the information • Retain the information • Process and weigh the information • Communicate the decision

  20. Capacity • Acting in the best interests • Deprivation of liberty • Advance Decisions

  21. Capacity • Deprivation of Liberty • Lasting Power of Attorney • Court of Protection • Deputies • The Public Guardian • Independent Mental Capacity Advocates • Offence • Research

  22. Why does this come within the SIRO ambit? • Also Caldicott Guardian ambit • Involves making decisions about disclosure of information when individual doesn’t have capacity • The decisions can be challenged • Also issues in relation to recording information about processes

  23. SIRO • Information about all these aspects on our web pages from next week • Also launch of the e-mail forum for IG4U at beginning of June 2009 • Further information to follow

