Information Governance - Supporting National Systems ASSIST North West Branch Event Wrightington Conference Centre, Wigan 24 th June 2008 Charles Yeomanson.
Post on 14-Dec-2015
220 Views
Preview:
Transcript
Information Governance - Supporting National Systems
ASSIST North West Branch EventWrightington Conference Centre, Wigan
24th June 2008
Charles YeomansonActing Director of ITcharles.yeomanson@uhcw.nhs.uk
Agenda
Information Governance requirements
NPfIT Information Governance controls
Systems/products • Review of IG controls• Future implementations
Q & A
NPfIT Information Governance Requirements
OBS
NPfIT Contract Schedule 1.7 (730.)
Care Record Guarantee (CRG)
(www.connectingforhealth.nhs.uk/crdb/docs/crs_guarantee )
Statutory/legal – DPA, Access to Health records
NPfIT IG controls
• Registration and Authentication • Role-Based Access Control (RBAC)• Legitimate Relationships and Workgroups
• Patient Consent/Dissent• Sealed Envelopes
• Audit• Alerts
NPfIT IG controls – in contextAm I who I say I am? Registration and Authentication
(Smartcard)
What types of clinical data may I access and can I update it?
RBAC
Can I access Mrs Smith’s clinical data? Legitimate Relationships and Workgroups
Can Mrs Smith prevent her clinical data being shared outside her local GP?
Consent and Dissent to data sharing
Can Mrs Smith not have a Summary Care Record?
Consent to Store (have a Summary Care Record)
Can Mrs Smith protect parts of her clinical data?
Patient “sealed envelope”
Can I find out if someone has accessed Mrs Smith’s records inappropriately?
Audit and Alerts
RBAC
• NHS Care Record Guarantee:“Show only those parts of your record needed for your care”
• Governs which functions are accessible and indirectly what type of data can be accessed
• 3 attributesJob Roles, Areas of Work, Activities
• Users must be granted relevant attributes by a trust nominated Sponsor
• Activities may be granted automatically as a result of a user’s Job Role (and Area of Work)
• Issue: Over-complexity
RBAC vision
• RBAC rationalisation (V.23, V24)• Post-based allocation of access rights • Integration of HR/RA processes/technology
Further info:-http://nww.connectingforhealth.nhs.uk/implementation/
registrationauthorities/access-control/rbac
RBAC rationalisation
Before After Reduction
Activities 340 104 236
Areas of Work 290 7 283
Job Roles 175 15 160
Patient Consent/Dissent to Share
Information sharing across organisational boundaries
NHS Care Record Guarantee: “allow you to control whether the information recorded about you by an
organisation providing you with NHS care can be seen by other organisations that are also providing you with care”
The patient consent status can have 3 values:- Consented- Dissented (implied dissent, if no NHS No.)- Not stated (implied consent)
Patient Consent/Dissent to Store
• Following promises made by Lord Warner, and the recommendations of the Ministerial Taskforce a patient may choose not to have a Summary Care record
• NHS Care Record Guarantee: “Before we create your Summary Care Record, you can decide not to have a
Summary Care Record at all.”
• If there already was one, it will no longer be visible using the CSA • Further information:
http://www.nhscarerecords.nhs.uk/patients/what-do-i-need-to-do-now/how-can-i-find-out-more/nhs-crs-summary-leaflets/summary_leaflet_online.pdf
Legitimate Relationships
• Control who has access to a patient’s clinical record • NHS Care Record Guarantee:
“allow only those involved in your care to have access torecords about you from which you can be identified, unlessyou give your permission or the law allows”
• A user cannot access a patient's clinical record without an LR• There can be more than one LR per patient• LRs have lifecycles
(creation -> status change -> expiry)• Determined by Workgroup membership• Mostly “under the bonnet”
Legitimate Relationships
Types:-• patient referral• patient self-referral• patient registration• subject access request• patient complaint or litigation• expressed Patient Consent to access • Court Order or other legal demand• GP registration
Two types of LR enable a user working in a specific context(defined by their profile) to gain access to a patient clinical record:
• Self-Claimed• Colleague-Granted.
Work Groups and LRs
Clinician permitted access as has valid LR via the
Workgroup to the patient
Patient has “Self-referral” LR with Workgroup
Clinicians may also self-claim a direct relationship not related to any Workgroups but raising an alert
WorkgroupClinician is a member of Workgroup
Receptionist may also be member of Workgroup
Parent WG
WG-2 WG-3WG-1
‘Child’ Workgroups
User permitted access as has a valid LR inherited via the Parent
Workgroup to the patient
Patient has LR with WG-1
User is member of Parent WG
Workgroup Hierarchies
• LR granularity is a local Information Governance policy issue• Keep simple initially and expand with experience
Seal and Seal and Lock
• NHS Care Record Guarantee:“Usually you can choose to limit how we share theinformation in your electronic care record which identifiesyou.”
• Enable patient to restrict access to sensitive information• Access controlled by Workgroups• A patient has two levels of dissent to share:
- Seal- Seal and Lock
• Exceptional use• Alert sent to privacy officer, if someone accesses information that
has been sealed by another Workgroup
Seal and Seal and Lock
Seal and Seal and Lock
• Smallest unit that can be sealed is - a Clinical Statement- a document (Summary Care Record)- PACS study
• Can be done at the time, or retrospectively• Acknowledged in Clinical Decision Support (CDS) and transfers
between systems• RBAC controls are required for the management of sealing • Sealed data can be accessed with patient consent or with legal
justification • Refusals carry a reason and a free text note (sent to PSIS)
Clinician Sealing
• A clinician may feel that there is some information that they should seal from the patient
• On sealing, information - is visible to all clinicians- should not be passed to PSIS- is not included in Subject Access Request/HealthSpace
• Clinician seals do not expire on the death of a patient
Use of Clinician Sealing
Clinician seals can be used when:-• the disclosure of information is likely to cause serious harm• a child or person lacking competence has requested that the
information is not disclosed to their guardian• confidential 3rd party information is present• a patient has explicitly asks not to know about it• Information needs to be temporarily withheld, which might
otherwise alarm the patientTest results will be automatically withheld for a standard period of
time
Audit
• NHS Care Record Guarantee:“keep a note of everyone who accesses the records about you”“Every time someone accesses your record, we keep a record of who they
were and what entries they may have made.”
• Who has done what, when and to whose record• Audit of creation, viewing, updates and soft deletions of records• Outputs and configuration changes• Contractual requirement, but different degrees of implementation• Current systems mainly lack user reporting capability • Comprehensive audit functionality in Lorenzo Rel. 1 • Currently work being undertaken with suppliers on national audit
Alerts• NHS Care Record Guarantee:
- “There may be times when someone will need to look at- information about you without having been given- permission to do so beforehand. This may be justifiable, for- example, if you need emergency care. We will tell you if the- action cannot be justified.”
• Privacy Officer alerted when anyone accesses sealed information without (electronic) permission, with or without patient consent
• Patients must be alerted (via HealthSpace) of any:- change in sealing status- access that triggers an alert
• Alerts are through TES (Transaction Event Service)• Generated now for Self-claimed LRs with Clinical Spine Application (for
accessing PSIS with Spine release 2006-B)
IG Controls – Some NW SystemsSystem RBAC Consent to
ShareConsent to
StoreLegitimate
RelationshipsSealing
iPM √ √ - - -
LE2.2 √ √ - √(local - Trust level)
-
Lorenzo Release 1
√ √ * - √(National)
-
Lorenzo Release 2
√ √ √ √(National)
√
Theatres(ORMIS)
√(local)
- - - -
Maternity (Evolution)
√(local)
- - - -
Child Health (CH2000)
√(National from
Q3 08)
-(local, not
shared)
- √(local – Q1 09)
-
PACS/RIS R1 (GE/HSS)
√(Local)
- - - -
PACS/RIS R2/3
√ √ ? √(Security Rel – 09)
-
Data Sharing with Lorenzo
• NME single database instance• Data sharing from Release 2 onwards• Require LRs to control access• LRs require PDS-traced NHS number• Must acknowledge Consent to Share• Access to untraced patients in the MPI restricted
to the organisation that created them
Lorenzo Releases – Functional Summary
Releae 4
GP
Mobility
Commissioning
Device Integration
Protocols
Integrated Care Pathways
Interactive Charting
Tray/Instrument Management
Surveillance & Screening
Document Mgmnt Integration
Stock Management
Non -Patient Requests
Requests & Results
Task Management
EPR Views
Clinical Documentation
Clinical Coding (inc SNOMED)
Core LORENZO Framework
LRS
Multi -Campus
Inbound ADT Messages
Emergency Care
Daycare Management
Patient Confidentiality
Referrals
Access Planning
Inpatients
Coding and Grouping
Contact Management
Patient Identity including PDS
Outpatients
Contract Management
Document Tracking
Caseload Management
Care Plans
TTO/OPD Prescribing
Mental Health Administration Act
Mental Health Reviews & Tribunals
PSIS View & Initial PoC
Consent to Treatment
Inpatient Prescribing
Theatres
Maternity
Medication Administration
Multi -Resource Scheduling
Advanced Bed Management
Social Care Messaging
Enhanced PSIS
Inbound ADT Messages
Release 1
Release 2
Release 3
Release 4
GP
Mobility
Commissioning
Device Integration
Protocols
Integrated Care Pathways
Interactive Charting
Tray/Instrument Management
Surveillance & Screening
Document Mgt Integration
Stock Management
Non -Patient Requests
Requests & Results
Task Management
EPR Views
Clinical Documentation
Clinical Coding (inc. SNOMED)
Core LORENZO Framework
LRs
Multi -Campus
Inbound ADT Messages
Emergency Care
Daycare Management
Patient Confidentiality
Referrals
Access Planning
Inpatients
Coding and Grouping
Contact Management
Patient Identity including PDS
Outpatients
Contract Management
Document Tracking
Caseload Management
Care Plans
TTO/OPD Prescribing
Mental Health Administration Act
Mental Health Reviews & Tribunals
PSIS View & Initial PoC
Consent to Treatment
Inpatient Prescribing
Theatres
Maternity
Medication Administration
Multi -Resource Scheduling
Advanced Bed Management
Social Care Messaging
Enhanced PSIS
Inbound ADT Messages
SystmOne Integration
Workgroups and LRC Artefacts
NHS Trust
NHS Trust
Clinics
Specialties
Oncology
Antenatal
Dermatology
Seafield
LandscaleOncology
Cardiology
Dermatology
SF1
SF2
SF3
SDS Workgroup Hierarchy
NT1
NT2
NT3
OncologyNT1
SeafieldOncology
ClinicSF3CL1
Oncology
Oncology
Clinics
Registered Users
1st Wednesday Team
3rd Wednesday Team
Users can be grouped into teams and associated with
artefacts
LorenzoOperational
Artefact
Associating an Artefact with a Workgroup
enables record access control in the
application workflow
SF3 SF3
Deployment of Legitimate Relationships
• Can be enabled on a Trust by Trust basis subject to the consent of each individual Trust.
• The design of LORENZO allows a CSC administrator to turn on LR creation and update separately to
• Turning on LR confirmation for each NHS Trust that is going to support use of legitimate Relationships at Release 1.
Q&A ?
Update on SHA-Hosted PCT Events
• Pilot consultation January• 10 events February• Follow-up March
Attendees:-Heads of IG, IM&T, Information Security, Compliance & Governance, Performance & Information, RA Managers, Auditors, Data Quality, Primary Care Facilitators, … and a Caldicott Guardian
Update on SHA-Hosted PCT Events
SHA No. of PCTsNo. of PCTs
attendedNo. of
delegates
East Midlands 9 8 12
East of England 15 14 22
London 31 19 30
North East 12 12 8
North West 24 21 39
South Central 9 9 17
South East Coast 7 6 16
South West 14 13 14
West Midlands 17 14 28
Yorkshire and the Humber 13 13 21
TOTAL 151 129 207
SHA-Hosted PCT Events – Issues Raised
Operating Model/Implementation Support:• Mis-alignment of IM&T DES and IGT
• Lack of resources• Lack of skills/vacancies• Lack of importance given to IG • Variety of job roles/fragmentation of IG• Lack of national direction• Inaccuracy/lack of clarity around IGT• Lack of IG training• Lack of Tracking Database training
SHA-Hosted PCT Events – Issues Raised
Communications:• Lack of internal comm’s to PCT and via SHA• Lack of mandate to communicate to GPs
SHA-Hosted PCT Events – Suggestions
Materials:• SoC in a Box• Checklist of actions for PCTs• Timeline of activities for PCTs
SHA-Hosted PCT Events – Suggestions
Events:• IGSoC team to attend IG forums • Hold National IG forum• IGSoC team to attend regional PRIMIS forums to make
facilitators aware of latest developments • Include rep from DIPU in future events • Include someone who has successfully tested things out to share
lessons learnt in future events• Hold workshops for PCTs to share best practice
SHA-Hosted PCT Events – Suggestions
Communications:• More regular comms (mailing lists)• Sharepoint site for SHA• Membership and contribution to eSpace• Be more interactive with GPs / give them more info of IGSoC
requirements• Contact IGT administrators directly • Establish communication links with PCTs
SHA-Hosted PCT Events – Contacts
David Stone – Communications Managerdavid.stone@nhs.net
Jan Birley - Migration Managerjan.birley@nhs.net
IGSoC Team0113 397 3646IGSoC@nhs.net
top related